[whatwg] <keygen>
Story Henry
henry.story at bblfish.net
Fri Jan 9 14:57:43 PST 2009
We started putting a wiki page together for this that will be kept up
to date here:
http://esw.w3.org/topic/foaf+ssl
Henry
On 9 Jan 2009, at 00:28, Story Henry wrote:
> Dear WhatWG,
>
> I just subscribed to this list having noticed a thread earlier this
> month on the topic of the <keygen> tag. As it happens we are working
> on a protocol
> foaf+ssl where keygen turns out to be extremely useful. It allows us
> to create web services to give people very secure certificates which
> can then be used to build a secure distributed social network based
> on a web of trust.
>
> The foaf+ssl protocol works as it happens with most existing
> browsers - though we have not done a detailed study of this yet (if
> people could help this would be greatly appreciated). The protocol
> is summarized here:
>
> http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html
>
> And you can find more on my blog at http://blogs.sun.com/bblfish .
>
> The discussion on <keygen> which produces spkac public keys which it
> sends to the server can be found on the foaf-protocols mailing list
> archive under 'spkac'
>
> http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/date.html
>
> To tell you the truth I just discovered this tag recently myself,
> wrote some code to test that it worked, found it to work on Opera,
> Netscape, and Firefox, though it works slightly differently on each
> platform.
>
> http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/000153.html
>
> I also put up a page on wikipedia:
>
> http://en.wikipedia.org/wiki/Spkac
>
> So please do keep the tag, and perhaps work on making it easier to
> work with.
>
> Henry
>
> Blog: http://blogs.sun.com/bblfish
>
>
> Ian Hickson wrote on January 6 2009:
>> Over the years, several people (most of them bcc'ed) have asked for
>> HTML5 to include a definition of <keygen>. Some have even gone as
>> far as finding documentation on the element -- thank you. As I
>> understand it based on the documentation, <keygen> basically
>> generates a public/private asymmetric cryptographic key pair, and
>> then sends the public component as its form value. Unfortunately,
>> this seems completely and utterly useless, as at no point does
>> there seem to be any way to ever use the private component either
>> for signing or for decrypting anything, nor does there appear to be
>> a way to use the certificate for authentication. Without further
>> information along these lines describing how to actually make
>> practical use of the element, I do not intend to document <keygen>
>> in the HTML5 specification. If anyone can fill in these holes that
>> would be very helpful. Cheers,
>
>
>
>
More information about the whatwg
mailing list