Implement key size array at KEYPARAMS in KEYGEN tag for RSA keys

RESOLVED WONTFIX

Status

()

Core
Security: PSM
--
enhancement
RESOLVED WONTFIX
9 years ago
2 years ago

People

(Reporter: Eddy Nigg (StartCom), Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-enroll])

(Reporter)

Description

9 years ago
I don't know if this follows any accepted standard (for example HTML 5), but we should implement a way to set the requested key sizes offered in the select box for the KEYGEN tag when using RSA keys (the default). If no value is set, the default as per bug 495836 should be used.

I'll try to propose a patch for this.
Eddy, be sure that any scheme you design works for DSA and ECDSA as well as 
for RSA.
(Reporter)

Comment 2

9 years ago
I'm following right now two different ideas and I would appreciate some input:

The minimum key size should never be below 2048 bit - otherwise fail - report error.

1.) One parameter with a string of comma limited numbers, e.g. "2048,3072,4096,5120".
2.) Only one parameter with a string of the required key size, e.g. "3072".

Opinions?
> Opinions?

1. How does the proposed scheme work with DSA and ECDSA?

2. I'm not convinced that Mozilla should be forcing all its users to follow
NIST's rules/minimums.  As you may know, Firefox has a "FIPS mode" which 
claims to conform to the NIST requirements of FIPS 140-2.  It is probably 
appropriate to enforce NIST minimum key sizes while in FIPS mode, but I 
would be reluctant to force it on users who care not about FIPS.  

Remember, RC4 is not a FIPS/NIST approved cipher, and it is STILL the single
most used cipher in all of SSL/TLS, because it is the fastest and most economical (from a cost per transaction point of view).  No browser today 
can realistically propose to stop supporting RC4.  I think the situation 
with 1k bit USER certs is the same.  

I'd prefer to see investment going into crypto.generateCRMFRequest than into
the KEYGEN tag.  There are many advantages to CRMF, not the least of which
is its ability to request certificates for keys that CANNOT be used for 
signing, which is comething that PKCS#10 and SPKAC cannot do.
(Reporter)

Comment 4

9 years ago
1.) This bug should have no affect on DSA I think.

2.) This bug is about providing an option to set a preferred key size or an array of preferred key sizes by the site operator. This bug isn't about increasing the key size to satisfy NIST. Nevertheless we shouldn't use something below 2048 today for reasons stated in bug 495836.

3.) generateCRMFRequest isn't supported so far by any other browser to all of my knowledge. KEYGEN is supported by more than one. (also unfortunately my experience with generateCRMFRequest isn't that great, but that's beyond the issue here of course).
This may be drifting off topic, but what other browsers support KEYGEN?
(Reporter)

Comment 6

9 years ago
The Webkit family (Safari, Konqueror and potentially also Chrome).

Updated

8 years ago
Assignee: kaie → nobody
Whiteboard: [psm-enroll]
We aren't allocating resources to improving keygen.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.