[whatwg] <keygen> element

Lars sunberg at gmail.com
Wed Jul 9 05:56:11 PDT 2008


This is using TLS/SSL.

Example: You tell your webserver that under directory /secure/ the
client must have a certificate signed by CA1. For the client to get
this certificate you normally make it, sign it, and them import it to
the browser. With the <keygen> attribute, all this is done in a clean
more secure way. The browser is generating everything, sends the
public key with SPKAC (http://www.openssl.org/docs/apps/spkac.html) to
the server.

So as you see, its not an replacement of TLS/SSL in any way. Its just
a better way to do it.


On Wed, Jul 9, 2008 at 2:35 PM, Rimantas Liubertas <rimantas at gmail.com> wrote:
> <...>
>> For those of you who doesn't know what this element is doing; Its for
>> generating a private/public certificate keypair. The browser keeps the
>> private one, and the server gets the public one which it signs and
>> then sends back to the browser. This is extremely useful for secure
>> verification. Netbanks and other heavy security sites should/are using
>> this.
> <...>
>> Is there any hope for this element? What information does which people
>> want to make this an HTML5 standard?
> Hi,
> how is this better than SSL/TLS?
> Regards,
> Rimantas
> --
> http://rimantas.com/

More information about the whatwg mailing list