[whatwg] <keygen>

Story Henry henry.story at bblfish.net
Thu Jan 8 15:28:44 PST 2009

Dear WhatWG,

I just subscribed to this list having noticed a thread earlier this  
month on the topic of the <keygen> tag. As it happens we are working  
on a protocol
foaf+ssl where keygen turns out to be extremely useful. It allows us  
to create web services to give people very secure certificates which  
can then be used to build a secure distributed social network based on  
a web of trust.

The foaf+ssl protocol works as it happens with most existing browsers  
- though we have not done a detailed study of this yet (if people  
could help this would be greatly appreciated). The protocol is  
summarized here:


And you can find more on my blog at http://blogs.sun.com/bblfish .

The discussion on <keygen> which produces spkac public keys which it  
sends to the server can be found on the foaf-protocols mailing list  
archive under 'spkac'


To tell you the truth I just discovered this tag recently myself,  
wrote some code to test that it worked, found it to work on Opera,  
Netscape, and Firefox, though it works slightly differently on each  


I also put up a page on wikipedia:


So please do keep the tag, and perhaps work on making it easier to  
work with.


Blog: http://blogs.sun.com/bblfish

Ian Hickson wrote on January 6 2009:
> Over the years, several people (most of them bcc'ed) have asked for  
> HTML5 to include a definition of <keygen>. Some have even gone as  
> far as finding documentation on the element -- thank you. As I  
> understand it based on the documentation, <keygen> basically  
> generates a public/private asymmetric cryptographic key pair, and  
> then sends the public component as its form value.  Unfortunately,  
> this seems completely and utterly useless, as at no point does there  
> seem to be any way to ever use the private component either for  
> signing or for decrypting anything, nor does there appear to be a  
> way to use the certificate for authentication. Without further  
> information along these lines describing how to actually make  
> practical use of the element, I do not intend to document <keygen>  
> in the HTML5 specification. If anyone can fill in these holes that  
> would be very helpful. Cheers,

More information about the whatwg mailing list