Re: [KEYPROV] CMS Usage in a Browser Environment

Anders Rundgren <anders.rundgren@telia.com> Wed, 19 January 2011 11:47 UTC

Hannes Tschofenig wrote:
> Hi all,
>
> I am wondering whether someone has gotten some experience with CMS usage in
> a browser based environment for signing JSON tokens (or other content).

Hi Hannes,

I believe almost every browser is running on a cryptographic platform that
supports CMS.  However, they don't expose this functionality because that
would be a security problem unless there is a GUI involved where the user
grants the browser permission to sign an object, including saying which key to use.

This is essentially what I've been ranting about since years back:
you don't get anywhere unless you start programming browsers or know
somebody who does.

What the GUI should contain depends on the underlying application.
In WASP (http://webpki.org/papers/wasp/wasp-tutorial.pdf) it is about
signing a document (request), while in KeyGen2 (http://webpki.org/auth-token-4-the-cloud.html)
it is about allowing an issuer to create keys.

I have FWIW downloaded Firefox 4 beta code and have managed to compile
it at least.  Since this isn't my day-job I guess the rest will be slow.
If there is somebody out there who is interested in making browsers more
capable, just drop me a line :-)

Cheers,
Anders

> 
> Ciao
> Hannes
> 
> PS: I am working with others on a BOF about JSON cryptographic procedures:
> http://trac.tools.ietf.org/bof/trac/wiki/WikiStart