[Pki-devel] [PATCH] Added Chrome keygen warning
Matthew Harmsen
mharmsen at redhat.com
Fri May 13 02:08:01 UTC 2016
On 05/12/2016 07:39 PM, John Magne wrote:
> Took a look at this.
>
> Seems pretty good, so ACK, with a concern or two.
>
> I think we might want to consider seeing if we can somehow short circuit
> the display to something that won't let them send to the server, when we
> know we don't even have the keygen tag available.
>
> So if tested to work with Firefox and Chrome, etc, ACK once again.
>
> ----- Original Message -----
> From: "Matthew Harmsen" <mharmsen at redhat.com>
> To: "pki-devel" <pki-devel at redhat.com>
> Cc: "Jack Magne" <jmagne at redhat.com>
> Sent: Thursday, May 12, 2016 3:45:11 PM
> Subject: [PATCH] Added Chrome keygen warning
>
> While testing chrome, we discovered that (a) keygen would soon not be
> supported:
>
> * https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pX5NbX0Xack
>
> (b) although keygen is still supported, it has been disabled by default
> with a workaround provided to re-enable it:
>
> * https://support.quovadisglobal.com/kb/a470/deprecation-of-keygen-tag-in-chrome-chromium-browsers.aspx
>
> Please review the attached patch which supplies a warning message and
> instructions on how to re-enable keygen
> on Chrome browsers that support this:
>
> * PKI TRAC #2323 - Firefox Warning appears in EE page launched from
> within Chrome <https://fedorahosted.org/pki/ticket/2323>
>
> Additionally, an attempt was made to identify the case when KeyGen would
> not be available on Firefox and Chrome.
>
> -- Matt
>
Thanks, comment added to this section of code; checked into master.
More information about the Pki-devel
mailing list