[cc'd to dev-security for visibility. This discussion is intended to happen on dev-platform; please reply to that list.]
Ryan Sleevi recently announced the pre-intention to deprecate and eventually remove support for the <keygen> element and special-case handling of the application/x-x509-*-cert MIME types from the blink platform (i.e. Chrome). Rather than reiterate his detailed analysis, I'll refer to the post here: https://groups.google.com/a/chromium.org/d/msg/blink-dev/pX5NbX0Xack/kmHsyMGJZAMJ Much, if not all, of that reasoning applies to gecko as well. Furthermore, it would be a considerable architectural improvement if gecko were to remove these features (particularly with respect to e10s). Additionally, if they were removed from blink, the compatibility impact of removing them from gecko would be lessened. I therefore propose we follow suit and begin the process of deprecating and removing these features. The intention of this post is to begin a discussion to determine the feasibility of doing so. Cheers, David
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
