Moving discussion to mozilla.dev.tech.crypto, but do go ahead and file bugs. I doubt 3.5 behaves any differently than 3.0 (you did mean 3.0.10, right? If you're using Firefox 2 please stop).
nk wrote:
> Hi all,
> I am researching the window.crypto.generatedCRMFRequest() function
> available on Firefox (I am using FF 2.0.10).
> Now, if requested keys are for signing - everything looks good.
> But if requested keys are for key exchange (e.g. "rsa-ex"), the
> generated CRMF request structure has a number of issues.
>
> Here are the issues I am facing:
> 1) A PKIArchiveOptions control is included
> (http://www.ietf.org/rfc/rfc4211.txt, section 6.4). The EncryptedKey
> structure in it is encoded as a SEQUENCE while it actually is a CHOICE.
> Our CRMF decoder is throwing as soon as it sees this structure. Shall I
> raise a bug?
> 2) The EncryptedKey is encoded as the now deprecated EncryptedValue
> structure. Is there a plan to encode the value with EnvelopedData
> structure any time soon?
> 3) Finally, the ProofOfPossession structure looks broken in this
> scenario as what we see is: A2 05 80 03 00 03 00, which does not seem
> to relate to any of the permitted options described in RFC 4211,
> section 4. FYI: If CRMF request contains cert request for a signing
> key pair the ProofOfPossession is valid (a correct instance of
> POPOSigningKey) and is correctly verified by our decoder.
>
> Does anyone know if these issues have been addressed in FF 3.5 and if
> not, will they be addressed in the next releases of FF?
>
> Many thanks in advance,
> Nikolai Koustov.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
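
An added example, not part of either message and not Mozilla's or the poster's code: a small DER tag/length reader that walks the seven ProofOfPossession bytes quoted in item 3 and labels each context tag with the CHOICE alternative names from the ASN.1 in RFC 4211. The function and dictionary names are made up for this illustration, and it only labels the structure; it does not judge whether a decoder should accept it.

```python
# Added example: minimal DER TLV reader (single-byte tags, definite lengths).
CLASSES = ("universal", "application", "context", "private")

# CHOICE alternative names by context tag number, from the ASN.1 in RFC 4211.
PROOF_OF_POSSESSION = {0: "raVerified", 1: "signature",
                       2: "keyEncipherment", 3: "keyAgreement"}
POPO_PRIV_KEY = {0: "thisMessage", 1: "subsequentMessage", 2: "dhMAC",
                 3: "agreeMAC", 4: "encryptedKey"}


def read_tlv(buf, off=0):
    """Return (class, constructed, tag_number, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    off += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value overruns buffer")
    return CLASSES[tag >> 6], bool(tag & 0x20), tag & 0x1F, buf[off:off + length], off + length


def describe_pop(der):
    """Label a ProofOfPossession encoding; does not validate its content."""
    cls, constructed, num, value, end = read_tlv(der)
    if cls != "context" or end != len(der):
        raise ValueError("not a single context-tagged element")
    out = {"pop": PROOF_OF_POSSESSION.get(num, "unknown"), "constructed": constructed}
    # keyEncipherment and keyAgreement carry a POPOPrivKey, itself a CHOICE,
    # so the outer tag is explicit and wraps one inner context-tagged element.
    if num in (2, 3) and constructed:
        icls, _, inum, ivalue, iend = read_tlv(value)
        if icls != "context" or iend != len(value):
            raise ValueError("unexpected content inside POPOPrivKey wrapper")
        out["inner"] = POPO_PRIV_KEY.get(inum, "unknown")
        out["inner_value_hex"] = ivalue.hex()
    return out


# The seven bytes quoted in the message above.
SAMPLE = bytes.fromhex("A2058003000300")
print(describe_pop(SAMPLE))
```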