Re: [TLS] SSL Logout possibility in Javascript

Henry Story <henry.story@bblfish.net> Wed, 27 July 2011 16:15 UTC

From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <B317F647-4090-49FF-BF91-3292C70A738D@bblfish.net>
Date: Wed, 27 Jul 2011 18:15:08 +0200
Message-Id: <3BD3E194-FD9E-4BC8-B7A6-E291DA22A895@bblfish.net>
To: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>, public-identity@w3.org, tls@ietf.org
Subject: Re: [TLS] SSL Logout possibility in Javascript

I have just played around with the javascript login/logout possibilities mentioned by Anders Rundgren. The javascript I am using is at the end. Note that I am using xhtml currently, so that may have its own side effects - i.e., perhaps things work better in plain html... I am trying to see if login also works with javascript. That would be very useful, because people can easily click on the cancel button of a certificate, and the browser then remembers that decision. So I am looking to see if one can then force a login again...

Here are some temporary conclusions with browsers I tried on OSX:

Firefox 5.0.1

 - logout works
 - login works if clicking the cancel button. One has to go to a new web page though.

Safari 5.1

  - logout does not work with javascript
   (but Safari does recognise TLS error codes sent, so that those can be used to logout - I have not tested this version though)

Chrome 13.0.782.99

  - logout does not work and neither does login

Opera 11.50

  - login, logout: does not recognise the window.crypto object

So that is good news. I guess that means we have Internet Explorer and Firefox that we can easily log out with. Being able to log in again, as with Firefox, in case a mistake is made is also very helpful.
Are there some other tricks one can use perhaps?

//this is for xhtml
//these functions are described here http://html5.creation.net/webcrypto-api/
<script language="JavaScript" type="text/javascript">
 <![CDATA[
     function logout() {
       if (document.all == null) { // FF, Opera, etc.
         alert('logout in ff,opera...');
         // Firefox-specific, non-standard call that drops the cached client certificate choice
         if (window.crypto) window.crypto.logout();
         else alert('no window.crypto');
       } else { // MSIE 6+
         alert('logout in msie');
         // IE-specific: clears the HTTP auth and SSL client certificate cache
         document.execCommand('ClearAuthenticationCache');
       }
     }
     // login() issues the same calls as logout(): once the remembered
     // (cancelled) certificate decision is cleared, loading a new page
     // makes the browser prompt for a certificate again (see the Firefox
     // notes above).
     function login() {
       if (document.all == null) { // FF, Opera, etc.
         alert('login in ff,opera...');
         if (window.crypto) window.crypto.logout();
         else alert('no window.crypto');
       } else { // MSIE 6+
         alert('login in msie');
         document.execCommand('ClearAuthenticationCache');
       }
     }
 ]]>
 </script>

Social Web Architect
http://bblfish.net/
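The snippet in the message above picks a mechanism by sniffing for `document.all`, so a browser that has neither mechanism (Chrome and Opera in the results listed) silently does nothing. The following is an added example, not code from the message or from any of the projects it mentions: it feature-detects the two browser-specific calls named in the thread (`window.crypto.logout()`, a non-standard Firefox API, and `document.execCommand('ClearAuthenticationCache')`, an IE-only command), reports which one actually ran, and falls back to a server-side logout URL when neither is available so the application session still ends. The `fallbackUrl` and the fake `win`/`doc` objects are constructed for illustration and testing; the code assumes only that the two calls behave as the thread describes.

```javascript
// Added example (not from the original message). Feature-detected client
// certificate "logout" that reports which mechanism ran instead of assuming
// one from document.all. Both calls below are browser-specific and
// non-standard; behaviour is as described in the mailing-list thread.

function clearClientCertSession(win, doc) {
  // Firefox: window.crypto.logout() drops the cached client cert decision.
  if (win && win.crypto && typeof win.crypto.logout === 'function') {
    try {
      win.crypto.logout();
      return 'crypto.logout';
    } catch (e) {
      // Not usable here; try the next mechanism.
    }
  }
  // Internet Explorer: ClearAuthenticationCache clears the HTTP auth and
  // SSL client certificate cache. execCommand returns false when unsupported.
  if (doc && typeof doc.execCommand === 'function') {
    try {
      if (doc.execCommand('ClearAuthenticationCache') !== false) {
        return 'ClearAuthenticationCache';
      }
    } catch (e) {
      // Unknown command in this browser; fall through.
    }
  }
  return 'unsupported';
}

// Logout link handler. If the browser cannot forget the certificate, send the
// user to a server-side logout URL (assumed; replace for your site) so the
// application session at least ends. Otherwise reload: as noted for Firefox
// in the thread, a fresh page load is needed before the browser renegotiates.
function logoutHandler(win, doc, fallbackUrl) {
  const method = clearClientCertSession(win, doc);
  if (method === 'unsupported') {
    if (win && win.location) win.location.href = fallbackUrl;
    return { method: method, redirected: true };
  }
  if (win && win.location && typeof win.location.reload === 'function') {
    win.location.reload();
  }
  return { method: method, redirected: false };
}

// Constructed stand-ins so the helpers can be exercised outside a browser.
function makeFakeFirefox() {
  let calls = 0;
  return {
    win: { crypto: { logout: () => { calls++; } },
           location: { href: '', reload: () => {} } },
    doc: {},
    logoutCalls: () => calls
  };
}

function makeFakeIE() {
  return {
    win: { location: { href: '', reload: () => {} } },
    doc: { execCommand: (cmd) => cmd === 'ClearAuthenticationCache' }
  };
}

// Browser usage: attach to a logout link.
//   document.getElementById('logout').onclick = function () {
//     logoutHandler(window, document, '/logout');
//     return false;
//   };
```

Returning the method name (rather than only showing an alert) lets the page log which path was taken, which is useful when debugging the per-browser results listed in the message: a result of `unsupported` in Chrome or Opera is expected, and the redirect keeps the user from believing they are logged out when the browser still holds the certificate.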