Will the WebCrypto API allow discovery/enumeration of certificates? from Gregor Močnik on 2015-09-08 (public-webcrypto-comments@w3.org from September 2015)

From: Gregor Močnik <gregor.mocnik@infrax.si>
Date: Tue, 8 Sep 2015 11:02:03 +0200
To: <public-webcrypto-comments@w3.org>
Message-ID: <021d01d0ea15$07b5eb80$1721c280$@infrax.si>

Hello,

 

as I've understood from conversations, there is no plan of implementation of
enumeration of certificates in webcryptoapi.

 

So, how would you suggest to accomplish the task of signing of an xml
document with client certificate within browser?

 

I'am aware of plugin implementations (java, npapi, activex, ...), but as I
know, this kind of solutions are all going to be unsupported in the future.

 

There is one other way and that is to implement this functionality in a
local webserver app.

 

Any other possibilities?

 

I still think that, it should be possible to sign something with client
certificate with webcrypto api. There was comment from Ryan Sleevi that
client certs contain PII. OK, yes they do, but why do we need them then, if
we can't use them. There should be some solution, don't you think so?

 

Thank you.

 

Regards

 

Gregor

Received on Tuesday, 8 September 2015 12:51:03 UTC