author Jan Dittberner <jandd@cacert.org> 2020-12-29 14:49:16 +0100
committer Jan Dittberner <jandd@cacert.org> 2020-12-29 14:49:16 +0100
commit 14dc442cf48e9e0577f49f857a751b081e8d1b91
tree 3e61898eac0ca936c703cf5815ce0304cbd2f610
parent 178dd980a05789a929eb684b044562b87e621f82
Add section for keygen replacement
-rw-r--r-- source/future.rst 20
1 files changed, 20 insertions, 0 deletions
diff --git a/source/future.rst b/source/future.rst
index ad50410..0798216 100644
--- a/source/future.rst
+++ b/source/future.rst
@@ -237,6 +237,26 @@ could just use information from the client certificates issued by our CA.
We could use OAuth2 or OpenID Connect for our own infrastructure too.
+Client certificate enrollment in browser
+----------------------------------------
+
+The ancient ``keygen`` tag is not implemented by modern browsers and needs a
+replacement to allow easy enrollment of client certificates for users that are
+not capable to use external tools. There is :bug:`1417` filed by affected
+users.
+
+There are JavaScript libraries like https://pkijs.org/ and
+https://github.com/digitalbazaar/forge that support the cryptographic
+operations.
+
+There are already two prototype implementations by Bernhard and Jan that could
+be integrated with the current or a new future web application.
+
+- Bernhard's proof of concept with a subset of pkijs
+ https://secure.convey.de/publish/ted/TestPKI.html
+- Jan's proof of concept with the forge library
+ https://git.dittberner.info/jan/browser_csr_generation
+
Cross cutting concerns
======================
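Review bot: The first paragraph of the new section says ``keygen`` "needs a replacement" but never states the security property the replacement has to preserve: the key pair is generated in the user's browser and only the public key or signing request is sent to the CA, so the private key never reaches the server. Please add a sentence stating that requirement, and name the operations meant by "support the cryptographic operations" (key generation, building the request), so the two prototypes can be judged against it. Two smaller points: "not capable to use external tools" should read "not able to use external tools", and both proof-of-concept links point at personally hosted sites, so a short note on what each demonstrates would keep the section useful if those URLs go away.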