W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

Re: CertEnroll JS Crypto API

From: David Dahl <ddahl@mozilla.com>
Date: Thu, 1 Dec 2011 05:28:33 -0800 (PST)
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: public-identity@w3.org
Message-ID: <1600416670.18227.1322746113659.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
----- Original Message -----
> From: "Anders Rundgren" <anders.rundgren@telia.com>
> To: public-identity@w3.org
> Sent: Thursday, December 1, 2011 6:07:02 AM
> Subject: CertEnroll JS Crypto API
> http://blogs.msdn.com/b/alejacma/archive/2009/01/28/how-to-create-a-certificate-request-with-certenroll-javascript.aspx
> 
> If you read the comments you can see that you need to muck around with
> "IE security"
> settings in order to get it to work. IMNSHO, this demonstrates the
> general uselessness
> of the JS-based crypto API approach for performing crypto operations
> in general purpose
> ("open") crypto modules.

This certainly demonstrates the uselessness of Microsoft's js-crypto approach. 

> 
> Feel free to try, but do not expect the browser vendors to implement
> something which is
> broken already on the drawing board.

I am not generally a betting man, but I would take this bet.

Perhaps you have not looked at the DOMCrypt extension demo's javascript? https://github.com/daviddahl/domcrypt/blob/master/demos/demo.js

Of course this code is now old and not to the proposed spec, but it is rather easy to digest and simple to use. Naturally, handling key material is not part of the new version of the spec.

Best Regards,

David
Received on Thursday, 1 December 2011 13:39:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 1 December 2011 13:39:39 GMT