undefined | Better HN

0 pointsmortehu5y ago0 comments

I did some digging, and I believe this was implemented with the <keygen> element and the generateCRMFRequest and importUserCertificate JavaScript functions.

https://bugzilla.mozilla.org/show_bug.cgi?id=1088063

0 comments

jessaustin5y ago

Thanks for the information. I don't remember ever learning anything about <keygen>. It looks as though most popular browsers (not IE; shocking!) supported it in the past, but most have now removed that support. [0] Perhaps there were some security or usability issues with this functionality? (Off the top of my head, if user certs are a single factor how do we ensure that desktops with more than one user don't install them?) ISTM the PKI world is moving to more short-lived, or even ephemeral, certificates. A complicated user-driven certificate generation process in the browser doesn't really fit that trend.

[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ke...

j / k navigate · click thread line to collapse

0 pointsmortehu5y ago0 comments

I did some digging, and I believe this was implemented with the <keygen> element and the generateCRMFRequest and importUserCertificate JavaScript functions.

https://bugzilla.mozilla.org/show_bug.cgi?id=1088063

0 comments

jessaustin5y ago

[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ke...

j / k navigate · click thread line to collapse