On Thursday 30 July 2015 14:32:01 Richard Barnes wrote: > On Thu, Jul 30, 2015 at 6:53 AM, Hubert Kario <hka...@redhat.com> wrote: > > On Wednesday 29 July 2015 16:35:41 David Keeler wrote: > > > [cc'd to dev-security for visibility. This discussion is intended to > > > happen on dev-platform; please reply to that list.] > > > > > > Ryan Sleevi recently announced the pre-intention to deprecate and > > > eventually remove support for the <keygen> element and special-case > > > handling of the application/x-x509-*-cert MIME types from the blink > > > platform (i.e. Chrome). > > > > > > Much, if not all, of that reasoning applies to gecko as well. > > > Furthermore, it would be a considerable architectural improvement if > > > gecko were to remove these features (particularly with respect to e10s). > > > Additionally, if they were removed from blink, the compatibility impact > > > of removing them from gecko would be lessened. > > > > > > I therefore propose we follow suit and begin the process of deprecating > > > and removing these features. The intention of this post is to begin a > > > discussion to determine the feasibility of doing so. > > > > because pushing people to use Internet Explorer^W^W Spartan^W Edge in > > enterprise networks is a good plan to continue loosing market share for > > Mozilla products! /s > > > > lack of easy, cross-application certificate deployment is the _reason_ for > > low > > rates of deployment of client certificates, but where they are deployed, > > they > > are _critical_ > > <keygen> doesn't help you with cross-application deployment. After all, IE > doesn't support it.
and how removing <keygen> makes the situation better? yes, Firefox doesn't deploy to system cert store (by default), but it's a bug in Firefox, not a feature -- Regards, Hubert Kario
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
