[Pki-devel] [PATCH] Added Chrome keygen warning
John Magne
jmagne at redhat.com
Fri May 13 01:39:21 UTC 2016
Took a look at this.
Seems pretty good, so ACK, with a concern or two.
I think we might want to consider seeing if we can somehow short circuit
the display to something that won't let them send to the server, when we
know we don't even have the keygen tag available.
So if tested to work with Firefox and Chrome, etc, ACK once again.
----- Original Message -----
From: "Matthew Harmsen" <mharmsen at redhat.com>
To: "pki-devel" <pki-devel at redhat.com>
Cc: "Jack Magne" <jmagne at redhat.com>
Sent: Thursday, May 12, 2016 3:45:11 PM
Subject: [PATCH] Added Chrome keygen warning
While testing chrome, we discovered that (a) keygen would soon not be
supported:
* https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pX5NbX0Xack
(b) although keygen is still supported, it has been disabled by default
with a workaround provided to re-enable it:
* https://support.quovadisglobal.com/kb/a470/deprecation-of-keygen-tag-in-chrome-chromium-browsers.aspx
Please review the attached patch which supplies a warning message and
instructions on how to re-enable keygen
on Chrome browsers that support this:
* PKI TRAC #2323 - Firefox Warning appears in EE page launched from
within Chrome <https://fedorahosted.org/pki/ticket/2323>
Additionally, an attempt was made to identify the case when KeyGen would
not be available on Firefox and Chrome.
-- Matt
More information about the Pki-devel
mailing list