#2229 RFE: stand-alone thin EE clients for various platforms
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by cfu.

This proposal may be an answer to Firefox's loss of support for CRMF key archival, and furthermore, it provides the gap that CS never filled on the client side usability.

Issue 1 (loss of key archival function)

It has been noted for some time now that the latest Firefox does not support CRMF key archival any more. I have proposed in various discussion that we would just have to resolve to CLIs (e.g. CRMFPopClient, pki) for recommended replacement.
Two problems:
a. The CLI's usage is probably not for the general public
b. They only come in CS packages on support RHEL and Fedora platforms. Which is not reflective of the reality when it comes to CS client base (Windows, Mac, even Android and iOS).

Issue 2 (usability):

Currently (and it has always been), for a soft-token based enrollment, on the (EE) client side, one would access the EE port from the browser at his/her workstation (of any supported platform) to get an issuance of a cert. The keys may or may not have been archived, depending on the enrollment profile.
Once done, to actually use the cert/keys, one would then have to export the cert/keys, and import it into another application. e.g. Thunderbird for SMIME cert

Proposal:

I propose that we tear into the existing pki cli and see if we can make it as thin as possible that could be ported onto other platforms. NSS and JSS have had presence in the Windows world (not sure about other platform), so maybe we can start there.
Once Windows is working, we could looking into other more popular platforms stated above.


This ticket has a related ticket intended for "devices":

Per CS/DS Triage Meeting of 03/22/2016: FUTURE

Metadata Update from @cfu:
- Issue assigned to cfu
- Issue set to the milestone: UNTRIAGED

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2349

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata