[OpenID] OpenID Providers Invited to Join in an NSTIC Pilot Proposal

Francisco Corella fcorella at pomcor.com
Mon Feb 13 17:43:59 UTC 2012 

Eddy,

> >  I suppose you use JavaScript to generate the keypair and to import the certificate?
>
> No, never - the keypair is always generated by the browser. See https://www.startssl.com/?app=25#51

OK, that says you use keygen to generate a key pair in Firefox (an
ActiveX control in IE).  But you still have to use JavaScript to
import the certificate into the browser.  AFAIK that's the only way
you can automatically import a certificate into the browser with
current technology.  In Firefox you must be using
crypto.importUserCertificates(), is that right?

Francisco




>________________________________
> From: Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org>
>To: "openid-general at lists.openid.net >> 'openid-general'" <openid-general at lists.openid.net> 
>Sent: Sunday, February 12, 2012 3:49 PM
>Subject: Re: [OpenID] OpenID Providers Invited to Join in an NSTIC Pilot Proposal
> 
>
>Hi Francisco,
>
>On 02/13/2012 12:03 AM, From Francisco Corella: 
>One thing that's new in our pilot proposal is the use of keygen for
>>automatic issuance of certificates.  I now know that you do
        issue
>>certificates automatically, I tried it out yesterday.  
>Welcome!
>
>
>But you don't use keygen, do you?
>>
>It depends on the browser. Keygen is used everywhere except Internet
    Explorer where we deploy currently VBscript for the enrollment. And
    unfortunately Google Chrome doesn't support client certificate
    enrollment except in a limited form on Linux.
>
>
> I suppose you use JavaScript to generate the keypair and to import the certificate?
>No, never - the keypair is always generated by the browser. See https://www.startssl.com/?app=25#51
>
>
>
>Regards  
>  
>Signer:  Eddy Nigg, COO/CTO 
>  StartCom Ltd. 
>XMPP:  startcom at startcom.org 
>Blog:  Join the Revolution! 
>Twitter:  Follow Me 
>  
>
>_______________________________________________
>general mailing list
>general at lists.openid.net
>http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120213/73a97f00/attachment.html>

More information about the general mailing list