Took a look at this.
Seems pretty good, so ACK, with a concern or two.
I think we might want to consider seeing if we can somehow short circuit
the display to something that won't let them send to the server, when we
know we don't even have the keygen tag available.
So if tested to work with Firefox and Chrome, etc., ACK once again.
----- Original Message -----
From: "Matthew Harmsen" <mharmsen(a)redhat.com>
To: "pki-devel" <pki-devel(a)redhat.com>
Cc: "Jack Magne" <jmagne(a)redhat.com>
Sent: Thursday, May 12, 2016 3:45:11 PM
Subject: [PATCH] Added Chrome keygen warning
While testing Chrome, we discovered that (a) keygen would soon not be
supported:
* https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pX5Nb...
(b) although keygen is still supported, it has been disabled by default
with a workaround provided to re-enable it:
* https://support.quovadisglobal.com/kb/a470/deprecation-of-keygen-tag-in-c...
Please review the attached patch which supplies a warning message and
instructions on how to re-enable keygen
on Chrome browsers that support this:
* PKI TRAC #2323 - Firefox Warning appears in EE page launched from
  within Chrome <https://fedorahosted.org/pki/ticket/2323>
Additionally, an attempt was made to identify the case when KeyGen would
not be available on Firefox and Chrome.
-- Matt