[whatwg] <keygen>

Story Henry henry.story at bblfish.net
Thu Jan 8 15:28:44 PST 2009


Dear WhatWG,

I just subscribed to this list having noticed a thread earlier this  
month on the topic of the <keygen> tag. As it happens we are working  
on a protocol, foaf+ssl, where keygen turns out to be extremely
useful. It allows us
to create web services to give people very secure certificates which  
can then be used to build a secure distributed social network based on  
a web of trust.

The foaf+ssl protocol works as it happens with most existing browsers  
- though we have not done a detailed study of this yet (if people  
could help this would be greatly appreciated). The protocol is  
summarized here:

http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html

And you can find more on my blog at http://blogs.sun.com/bblfish .

The discussion on <keygen>, which produces spkac public keys which it
sends to the server, can be found on the foaf-protocols mailing list
archive under 'spkac':

http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/date.html

To tell you the truth I just discovered this tag recently myself,  
wrote some code to test that it worked, found it to work on Opera,  
Netscape, and Firefox, though it works slightly differently on each  
platform.

http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/000153.html

I also put up a page on Wikipedia:

	http://en.wikipedia.org/wiki/Spkac

So please do keep the tag, and perhaps work on making it easier to  
work with.

	Henry

Blog: http://blogs.sun.com/bblfish


Ian Hickson wrote on January 6 2009:
> Over the years, several people (most of them bcc'ed) have asked for  
> HTML5 to include a definition of <keygen>. Some have even gone as  
> far as finding documentation on the element -- thank you. As I  
> understand it based on the documentation, <keygen> basically  
> generates a public/private asymmetric cryptographic key pair, and  
> then sends the public component as its form value.  Unfortunately,  
> this seems completely and utterly useless, as at no point does there  
> seem to be any way to ever use the private component either for  
> signing or for decrypting anything, nor does there appear to be a  
> way to use the certificate for authentication. Without further  
> information along these lines describing how to actually make  
> practical use of the element, I do not intend to document <keygen>  
> in the HTML5 specification. If anyone can fill in these holes that  
> would be very helpful. Cheers,






