Bug 978867
Opened 11 years ago
Closed 10 years ago
Make WebCrypto compatible with existing Firefox client-PKI support
Categories
(Core :: DOM: Security, enhancement)
RESOLVED
INVALID
People
(Reporter: anders.rundgren.net, Unassigned)
Attachments
(1 file: 483.19 KB, application/pdf)
The unavailability of this interface greatly reduces the value of WebCrypto.
Long-term, this deficit will lead to major code duplication issues for, IMO, no reason at all.
There are multiple solutions possible, enclosed is a proposal which shouldn't be hard to implement or make use of.
Comment 1 (Reporter) • 11 years ago
A few more motives for this update:
- It is said that WebCrypto needs a smart card interface. It doesn't; by using a "bridge" of the kind suggested here, the existing smart card including PINs (which also is missing in WebCrypto) can be reused "as is".
- Major objections to using HTTPS CCA (Client Certificate Authentication) include no way to influence the GUI like you can for form-based auth and lack of compatibility with web sessions. Yes, there's not even a working logout. The "bridge" solution allows sites to create secure but customized logins that are fully compatible with the rest of the web application.
Comment 2 (Reporter) • 11 years ago
Technically the WebCrypto implementation probably only would need to expand the "Key" interface underpinnings so that a Key object either points to the original WebCrypto scheme or to another holding NSS provider and key id.
Comment 3 • 11 years ago
Did you mean to send this feedback to this mailing list? <http://lists.w3.org/Archives/Public/public-webcrypto-comments/>
Comment 4 (Reporter) • 11 years ago
This proposal has already been published on the WebCrypto comment list. It didn't get any sanction or support, but since no alternatives have been suggested either, I feel pretty safe that this represents a good intermediate step :-)
The proposal is also very different to Google's recently introduced U2F scheme so there is no overlap in case Mozilla wants to support U2F (which probably is wise).
http://fidoalliance.org/specifications/download
A possible next iteration requires a considerably updated platform to run. This version is designed to (among many things) be the core for future web payments:
http://webpki.org/papers/PKI/pki-webcrypto.pdf
Updated•10 years ago
Component: Security → DOM: Security
Product: Firefox → Core
Comment 5 (Reporter) • 10 years ago
WebCrypto has pretty much turned out to be a "solution looking for a problem".
Google recently recommended a user looking into:
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html
I believe this is a more fruitful venue.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Comment 6 (Reporter) • 10 years ago
This is also a replacement for WebCrypto:
https://bugzilla.mozilla.org/show_bug.cgi?id=1065729