Open pki-bot opened 4 years ago
Comment from mharmsen (@mharmsen) at 2016-03-23 01:35:54
This ticket has a related ticket intended for "devices":
Comment from mharmsen (@mharmsen) at 2016-03-23 01:38:55
Per CS/DS Triage Meeting of 03/22/2016: FUTURE
Comment from cfu (@cfu) at 2017-02-27 14:06:35
Metadata Update from @cfu:
This issue was migrated from Pagure Issue #2229. Originally filed by cfu (@cfu) on 2016-03-03 21:56:04:
This proposal may be an answer to Firefox's loss of support for CRMF key archival, and furthermore, it provides the gap that CS never filled on the client-side usability.
Issue 1 (loss of key archival function):
It has been noted for some time now that the latest Firefox does not support CRMF key archival any more. I have proposed in various discussions that we would just have to resort to CLIs (e.g. CRMFPopClient, pki) as the recommended replacement. Two problems:
a. The CLIs' usage is probably not for the general public.
b. They only come in CS packages on supported RHEL and Fedora platforms, which is not reflective of the reality when it comes to the CS client base (Windows, Mac, even Android and iOS).
Issue 2 (usability):
Currently (and it has always been so), for a soft-token based enrollment, on the (EE) client side, one would access the EE port from the browser at his/her workstation (of any supported platform) to get an issuance of a cert. The keys may or may not have been archived, depending on the enrollment profile. Once done, to actually use the cert/keys, one would then have to export the cert/keys and import them into another application, e.g. Thunderbird for an S/MIME cert.
Proposal:
I propose that we tear into the existing pki CLI and see if we can make it as thin as possible so that it could be ported onto other platforms. NSS and JSS have had a presence in the Windows world (not sure about other platforms), so maybe we can start there. Once Windows is working, we could look into the other more popular platforms stated above.