[whatwg] <keygen>

Story Henry henry.story at bblfish.net
Fri Jan 9 14:57:43 PST 2009

We started putting a wiki page together for this that will be kept up  
to date here:



On 9 Jan 2009, at 00:28, Story Henry wrote:

> Dear WhatWG,
>
> I just subscribed to this list having noticed a thread earlier this
> month on the topic of the <keygen> tag. As it happens we are working
> on a protocol, foaf+ssl, where keygen turns out to be extremely useful.
> It allows us to create web services to give people very secure
> certificates which can then be used to build a secure distributed
> social network based on a web of trust.
>
> The foaf+ssl protocol works as it happens with most existing
> browsers - though we have not done a detailed study of this yet (if
> people could help this would be greatly appreciated). The protocol
> is summarized here:
> http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html
> And you can find more on my blog at http://blogs.sun.com/bblfish .
>
> The discussion on <keygen>, which produces spkac public keys which it
> sends to the server, can be found on the foaf-protocols mailing list
> archive under 'spkac':
> http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/date.html
>
> To tell you the truth I just discovered this tag recently myself,
> wrote some code to test that it worked, found it to work on Opera,
> Netscape, and Firefox, though it works slightly differently on each
> platform.
> http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/000153.html
>
> I also put up a page on Wikipedia:
> 	http://en.wikipedia.org/wiki/Spkac
>
> So please do keep the tag, and perhaps work on making it easier to
> work with.
>
> 	Henry
>
> Blog: http://blogs.sun.com/bblfish
>
> Ian Hickson wrote on January 6 2009:
>> Over the years, several people (most of them bcc'ed) have asked for  
>> HTML5 to include a definition of <keygen>. Some have even gone as  
>> far as finding documentation on the element -- thank you. As I  
>> understand it based on the documentation, <keygen> basically  
>> generates a public/private asymmetric cryptographic key pair, and  
>> then sends the public component as its form value.  Unfortunately,  
>> this seems completely and utterly useless, as at no point does  
>> there seem to be any way to ever use the private component either  
>> for signing or for decrypting anything, nor does there appear to be  
>> a way to use the certificate for authentication. Without further  
>> information along these lines describing how to actually make  
>> practical use of the element, I do not intend to document <keygen>  
>> in the HTML5 specification. If anyone can fill in these holes that  
>> would be very helpful. Cheers,
