[whatwg] <keygen>

Lars sunberg at gmail.com
Tue Jan 6 05:12:23 PST 2009


I have written some documentation on this before, and I have already
published it to this mailing list. You can find it at
http://phpmylogin.sourceforge.net/wiki/doku.php?id=keygen_attribute if
its nowhere to be found....

The private/public keypair generated with the keygen tag is only
useful if you have configured your webserver to only allow
certificates signed by your CA. I know of a few netbanks that does it
this way. Its a very secure solution!

If you want, I can send you some more php code of how I implemented
this in one of my projects. I can also make a little test-case if that
would be better..

Thanks for bringing up this subject again!


On Tue, Jan 6, 2009 at 1:40 PM, Ian Hickson <ian at hixie.ch> wrote:
> Over the years, several people (most of them bcc'ed) have asked for HTML5
> to include a definition of <keygen>. Some have even gone as far as finding
> documentation on the element -- thank you.
> As I understand it based on the documentation, <keygen> basically
> generates a public/private asymmetric cryptographic key pair, and then
> sends the public component as its form value.
> Unfortunately, this seems completely and utterly useless, as at no point
> does there seem to be any way to ever use the private component either for
> signing or for decrypting anything, nor does there appear to be a way to
> use the certificate for authentication.
> Without further information along these lines describing how to actually
> make practical use of the element, I do not intend to document <keygen> in
> the HTML5 specification. If anyone can fill in these holes that would be
> very helpful.
> Cheers,
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list