Closed Bug 978867 Opened 10 years ago Closed 9 years ago

Make WebCrypto compatible with existing Firefox client-PKI support

Categories

(Core :: DOM: Security, enhancement)

enhancement
Not set
normal

RESOLVED INVALID

People

(Reporter: anders.rundgren.net, Unassigned)

Details

Attachments

(1 file)

The unavailability of this interface greatly reduces the value of WebCrypto.

Long-term this deficit will lead to major code duplication issues for IMO no reason at all.

There are multiple solutions possible, enclosed is a proposal which shouldn't be hard to implement or make use of.

A few more motives for this update:
- It is said that WebCrypto needs a smart card interface.  It doesn't; by using a "bridge" of the kind suggested here, the existing smart card including PINs (which also is missing in WebCrypto) can be reused "as is".

- Major objections to using HTTPS CCA (Client Certificate Authentication) include no way to influence the GUI like you can for form-based auth and lack of compatibility with web sessions.  Yes, there's not even a working logout.  The "bridge" solution allows sites to create secure but customized logins that are fully compatible with the rest of the web application.

Technically the WebCrypto implementation probably only would need to expand the "Key" interface underpinnings so that a Key object either points to the original WebCrypto scheme or to another holding NSS provider and key id.

Did you mean to send this feedback to this mailing list? <http://lists.w3.org/Archives/Public/public-webcrypto-comments/>

This proposal has already been published on the WebCrypto comment list.  It didn't get any sanction or support but since no alternatives have been suggested either, I feel pretty safe that this represents a good intermediate step :-)

The proposal is also very different to Google's recently introduced U2F scheme so there is no overlap in case Mozilla wants to support U2F (which probably is wise).
http://fidoalliance.org/specifications/download


A possible next iteration requires a considerably updated platform to run. This version is designed to (among many things) be the core for future web payments:
http://webpki.org/papers/PKI/pki-webcrypto.pdf
Component: Security → DOM: Security
Product: Firefox → Core
WebCrypto has pretty much turned out to be a "solution looking for a problem".

Google recently recommended a user looking into:
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html

I believe this is a more fruitful venue.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
This is also a replacement for WebCrypto:
https://bugzilla.mozilla.org/show_bug.cgi?id=1065729