Ted Kummert, S. Somasegar (Soma), Bill Laing: On Trifecta Launching and Working Together -…

I wish that they would give us the ability to clear the SSL cache from Javascript like in the mozilla base browers. This is very imported when using client certificates store on a smart card to authentication users to a site. There is no way to clear/close
the SSL on logout, unless you close IE. When you revised the site you are not prompted for PIN code again, becuse the SSL session is alive.
In mozilla you can for example do:
function register() {
window.crypto.enableSmartCardEvents=true;
document.addEventListener("smartcard-remove",<callback>,false);
};
For closing SSL session:
function logout() {
window.crypto.logout
};
There is noway to clear SSL cache even from a ActiveX Control (With calling something undocumented)
-gk
Hakime wrote:Webslices a new feature? You are kidding, right? I mean it would be nice that the folks of channel9 just go out a little to see what is going on. Webslices is nothing more than a ripp off of Webclip, a feature introduced in Safari for Mac OS 10.5. At least IE folks could be honest and clearly admit that they took the idea from Safari and they ripped it off. That won't kill them....
Hakime wrote:Webslices a new feature? You are kidding, right? I mean it would be nice that the folks of channel9 just go out a little to see what is going on. Webslices is nothing more than a ripp off of Webclip, a feature introduced in Safari for Mac OS 10.5. At least IE folks could be honest and clearly admit that they took the idea from Safari and they ripped it off. That won't kill them....
I'd have to support this. Allowing cached certificates to persist after smart card removal does not appear to have any benefits and has some serious downsides. The certificate in the SSL cache clearly needs purging when the originating credential is withdrawn. Are the IE developers are relying on a smart card authenticated Windows session to be logged out or locked?