On 2013-10-10 01:36, Nathan Kinder wrote:
> On 09/28/2013 12:17 PM, Brian Smith wrote:
>> On Sat, Sep 28, 2013 at 7:52 AM, Sean Leonard
>> wrote:
>>> On 9/27/2013 5:51 PM, Robert Relyea wrote:
I don't have a problem with going for an industry standard way of doing
all of these thin
On 10/9/2013 4:36 PM, Nathan Kinder wrote:
I'm all for a standardized replacement, but it seems wrong to rip out
something that has been a nice functional feature that people have
come to rely on for many years before a replacement is available.
Also (in support of preserving, NOT removing,
On 2013-10-10 01:36, Nathan Kinder wrote:
> On 09/28/2013 12:17 PM, Brian Smith wrote:
>> On Sat, Sep 28, 2013 at 7:52 AM, Sean Leonard
>> wrote:
>>> On 9/27/2013 5:51 PM, Robert Relyea wrote:
I don't have a problem with going for an industry standard way of doing
all of these thin
On 09/28/2013 12:17 PM, Brian Smith wrote:
On Sat, Sep 28, 2013 at 7:52 AM, Sean Leonard wrote:
On 9/27/2013 5:51 PM, Robert Relyea wrote:
I don't have a problem with going for an industry standard way of doing
all of these things, but it's certainly pretty presumptuous to remove these
featur
sst...@mozilla.com wrote:
> Do we have telemetry on how frequently these APIs are used?
I expect that, of the small percentage of people that are using these APIs,
they are using them (except signText) very infrequently--like once a year. When
I talked to Ehsan and Andrew Overholt about this, we
Do we have telemetry on how frequently these APIs are used?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On 09/28/2013 12:17 PM, Brian Smith wrote:
> On Sat, Sep 28, 2013 at 7:52 AM, Sean Leonard wrote:
>> On 9/27/2013 5:51 PM, Robert Relyea wrote:
>>> I don't have a problem with going for an industry standard way of doing
>>> all of these things, but it's certainly pretty presumptuous to remove thes
On Sat, Sep 28, 2013 at 7:52 AM, Sean Leonard wrote:
> On 9/27/2013 5:51 PM, Robert Relyea wrote:
>>
>> I don't have a problem with going for an industry standard way of doing
>> all of these things, but it's certainly pretty presumptuous to remove these
>> features without supplying the industry
On 9/27/2013 5:51 PM, Robert Relyea wrote:
I don't have a problem with going for an industry standard way of
doing all of these things, but it's certainly pretty presumptuous to
remove these features without supplying the industry standard
replacements and time for them to filter through the in
On 09/28/2013 04:14 AM, From Ryan Sleevi:
I certainly am not one to make decisions about Firefox's goals for the
Web Platform, given what I work on, but I applaud efforts to remove
non-standard features and to standardize features. But I don't think
one must be held hostage to the other - the f
On 09/28/2013 03:51 AM, From Robert Relyea:
Ryan is correct. What FF does not do is reload the page when the smart
card is removed. The most common use of smart card events is forcing the
reloading the page.
Correct - and the current session on the application level can be
invalidated. Someth
On Fri, September 27, 2013 5:51 pm, Robert Relyea wrote:
>
>
> On 09/27/2013 05:01 PM, Ryan Sleevi wrote:
> > On Fri, September 27, 2013 4:09 pm, Eddy Nigg wrote:
> >> On 09/28/2013 01:59 AM, From Ryan Sleevi:
> >>> If your site requires a client certificate, and you know that a client
> >>> cert
On 09/27/2013 05:01 PM, Ryan Sleevi wrote:
> On Fri, September 27, 2013 4:09 pm, Eddy Nigg wrote:
>> On 09/28/2013 01:59 AM, From Ryan Sleevi:
>>> If your site requires a client certificate, and you know that a client
>>> certificate is stored in a smart card, then you also know that when
>>> us
On Fri, September 27, 2013 4:09 pm, Eddy Nigg wrote:
> On 09/28/2013 01:59 AM, From Ryan Sleevi:
> > If your site requires a client certificate, and you know that a client
> > certificate is stored in a smart card, then you also know that when
> > using
> > Firefox, and the smart card is removed,
On Fri, September 27, 2013 4:09 pm, Eddy Nigg wrote:
> On 09/28/2013 01:59 AM, From Ryan Sleevi:
> > If your site requires a client certificate, and you know that a client
> > certificate is stored in a smart card, then you also know that when
> > using
> > Firefox, and the smart card is removed,
On 09/28/2013 01:59 AM, From Ryan Sleevi:
If your site requires a client certificate, and you know that a client
certificate is stored in a smart card, then you also know that when using
Firefox, and the smart card is removed, Firefox will invalidate that
SSL/TLS session.
Not really - except in
On Fri, September 27, 2013 3:46 pm, Eddy Nigg wrote:
> On 09/28/2013 12:45 AM, From Ryan Sleevi:
> > NSS already performs checking that the given smart card used to
> > authenticate is present whenever encrypting or decrypting data. This
> > includes cached session resumption as well.
>
> Not SSL
On 09/28/2013 12:45 AM, From Ryan Sleevi:
NSS already performs checking that the given smart card used to
authenticate is present whenever encrypting or decrypting data. This
includes cached session resumption as well.
Not SSL session of course, but on the web application layer.
If you're not
On Fri, September 27, 2013 2:22 pm, Eddy Nigg wrote:
> On 09/27/2013 11:52 PM, From Ryan Sleevi:
> > Let me try it differently: What actions do you take on this information?
>
> Terminating a current session or triggering authentication to a new
> session.
When you define session, what do you m
On 09/27/2013 11:52 PM, From Ryan Sleevi:
Let me try it differently: What actions do you take on this information?
Terminating a current session or triggering authentication to a new session.
As far as I know, IE doesn't provide the smart card insertion/removal
events, except perhaps through
On Fri, September 27, 2013 1:35 pm, Eddy Nigg wrote:
> On 09/27/2013 08:52 PM, From Ryan Sleevi:
> >
> > How do you deal with this in other browsers?
>
> Well, I don't...so far :-)
>
> However I'm aware of similar capabilities with IE.
>
> > What are the specific features that you need?
>
> Det
On 09/27/2013 08:52 PM, From Ryan Sleevi:
How do you deal with this in other browsers?
Well, I don't...so far :-)
However I'm aware of similar capabilities with IE.
What are the specific features that you need?
Detection of smart card removal or insertion.
Can you think of other ways th
On Fri, September 27, 2013 10:29 am, Eddy Nigg wrote:
> On 09/27/2013 08:12 PM, From Brian Smith:
> > My question is not so much "Is anybody using this functionality" but
> > rather "What really terrible things, if any, would happen if we
> > removed them?"
>
> We might have to look for alternati
On 09/27/2013 08:12 PM, From Brian Smith:
My question is not so much "Is anybody using this functionality" but
rather "What really terrible things, if any, would happen if we
removed them?"
We might have to look for alternatives because when the card is removed
or inserted with can trigger se
On Fri, Sep 27, 2013 at 2:31 AM, Eddy Nigg wrote:
> On 09/27/2013 02:29 AM, From Brian Smith:
>
>> I have met with several members of our DOM and web API teams and we've
>> tentatively agreed that we should remove these functions if at all
>> possible--as soon as 2014Q1. That is, we're hoping to r
On Thu, 2013-09-26 at 16:29 -0700, Brian Smith wrote:
> On Mon, Apr 8, 2013 at 2:52 AM, helpcrypto helpcrypto
> wrote:
> >
> > While awaiting to http://www.w3.org/TR/WebCryptoAPI/ Java applets for
> > client signning, signText and are needed.
> > Also things like Handling smart card events or Lo
Brian Smith schrieb:
> Yes, I am interested in hearing why you think we cannot remove these
> functions.
Well, it would be nice to have an alternative API. If you force us to
move from signText to some other stuff outside Firefox, I'll doubt we'll
switch to WebCryptoAPI again... .
http://www.w3.
On 09/27/2013 02:29 AM, From Brian Smith:
I have met with several members of our DOM and web API teams and we've
tentatively agreed that we should remove these functions if at all
possible--as soon as 2014Q1. That is, we're hoping to remove all of
window.crypto.* except getRandomValues, and all
On Mon, Apr 8, 2013 at 2:52 AM, helpcrypto helpcrypto
wrote:
>
> While awaiting to http://www.w3.org/TR/WebCryptoAPI/ Java applets for
> client signning, signText and are needed.
> Also things like Handling smart card events or Loading PKCS #11
> modules is being use by many.
> So, you _CANT_ rem
On 2013-04-08 15:21, helpcrypto helpcrypto wrote:
> On Mon, Apr 8, 2013 at 12:10 PM, Anders Rundgren
> wrote:
>> This seems to be out of scope:
>> http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0072.html
>
> Hi Anders.
>
>
> As it scopes signning:
> http://www.w3.org/TR/WebCryptoA
On Mon, Apr 8, 2013 at 12:10 PM, Anders Rundgren
wrote:
> This seems to be out of scope:
> http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0072.html
Hi Anders.
As it scopes signning:
http://www.w3.org/TR/WebCryptoAPI/#Crypto-method-sign, I suppose you
mean smartcards are out of sco
On 2013-04-08 14:52, helpcrypto helpcrypto wr
ote:
>>> More generally, I would like to remove all the Mozilla-proprietary methods
>>> and properties from window.crypto; i.e. all the
>>> ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of
>>> them are actually pretty problem
>> More generally, I would like to remove all the Mozilla-proprietary methods
>> and properties from window.crypto; i.e. all the
>> ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of
>> them are actually pretty problematic.
>> Are there any worth keeping?
>>
> signText() i
Hi.
Brian Smith schrieb:
> See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
> See
> https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest
>
> My understanding is that is supposed to replace
> window.crypto.generateCRMFRequest.
>
> I have no ide
On 2013-04-01 23:46, Brian Smith wrote:
> See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
> See
> https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest
>
> My understanding is that is supposed to replace
> window.crypto.generateCRMFRequest.
>
>
On 04/01/2013 02:46 PM, Brian Smith wrote:
See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
See
https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest
My understanding is that is supposed to replace
window.crypto.generateCRMFRequest.
So keygen w
I know nothing about these APIs. Other than that some minimal version
of is in the HTML5 spec.
/ Jonas
On Mon, Apr 1, 2013 at 2:46 PM, Brian Smith wrote:
> See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
> See
> https://developer.mozilla.org/en-US/docs/JavaScript_crypt
37 matches
Mail list logo
