Investigation for replacing crypto.generateCRMFRequest() with new <keygen> tag #1147

Closed
pki-bot opened this issue Oct 2, 2020 · 3 comments

pki-bot commented Oct 2, 2020

This issue was migrated from Pagure Issue #577. Originally filed by cfu (@cfu) on 2013-04-02 22:00:37:

  • Closed as Invalid
  • Assigned to nobody

Task to investigate whether the newly improved <keygen> can do all we want it to do, including key archival for both RSA and ECC keys, and then later DSA keys as well.

On 04/01/2013 03:19 PM, Robert Relyea wrote:

On 04/01/2013 02:46 PM, Brian Smith wrote:

See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
See https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest

My understanding is that <keygen> is supposed to replace window.crypto.generateCRMFRequest.
So keygen was first, window.crypto.generateCRMFRequest() was made to fix some issues (and get some features like key-recovery). The new effort in <keygen> I think was meant to address those issues.

I have no idea how common window.crypto.generateCRMFRequest is. Is it obsolete? Should it be removed? Does anybody have a link to a site that is using it for its intended purpose?

If it is obsolete, I would like to remove it ASAP.
I'm pretty sure it's still used by products like this one: http://pki.fedoraproject.org/wiki/PKI_Main_Page

I don't think you can remove it for a while. Server deployments lag client features by quite a few years. Servers don't implement new features supplied in clients until they are released. This type of feature isn't quite like a normal html feature, where you can update a .html file or a content manager macro. These tags are usually tied more closely to the servers that use them.

More generally, I would like to remove all the Mozilla-proprietary methods and properties from window.crypto; i.e. all the ones at https://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of them are actually pretty problematic. Are there any worth keeping?

I'd say you probably can't do that wholesale, but you probably can review and cull this list, particularly if there are good replacements.

Thanks,
Brian

pki-bot commented Oct 2, 2020

Comment from nkinder (@nkinder) at 2013-11-22 20:34:07

The <keygen> tag does not support archival. There is no suitable replacement for generateCRMFRequest at this time. At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.

pki-bot commented Oct 2, 2020

Comment from kengert at 2015-02-03 11:16:24

Replying to [comment:4 nkinder]:

At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.

Mozilla removed it in Firefox 33.

https://bugzilla.mozilla.org/show_bug.cgi?id=1030963
https://wiki.mozilla.org/SecurityEngineering/Removing_Proprietary_window.crypto_Functions

pki-bot commented Oct 2, 2020

Comment from cfu (@cfu) at 2017-02-27 14:10:34

Metadata Update from @cfu:

  • Issue set to the milestone: 10.2 - 04/14 (April)
