[whatwg] <keygen> tag
Ian Hickson
ian at hixie.ch
Fri Feb 12 04:31:45 PST 2010

On Fri, 15 Jan 2010, Bruno Harbulot wrote:
>
> Whilst I'm very supportive of having a key-generation mechanism in the
> browser, I'm now not entirely sure the <keygen> tag, at least as a
> legacy of the Netscape <keygen> tag, is the correct approach.

Indeed. It's only in the spec because that's what browsers implement.

> More specifically:
>
> 1. The more modern APIs (generateCRMFRequest on Firefox or
> CertEnroll/XEnroll on Internet Explorer) appear to offer more options in
> general, for example, where to store the private key, is it exportable,
> etc. (I haven't looked in detail, but I suspect it could be envisaged
> to use some existing key material from a software store or smartcard
> too, for example.) This raises the question as to whether a tag is
> sufficient or appropriate to express what's required for a CA, or if an
> API (and more programming) is required.
>
> 2. The SPKAC format seems to be a legacy format. It doesn't really allow
> conveying much information that CAs would expect, unlike other formats
> used by the more modern APIs. Perhaps it would be better to use one of
> the newer formats instead. This might break the compatibility with the
> pre-HTML 5 use of <keygen> (maybe another name than <keygen> in HTML5
> would be better?).

Agreed. I would encourage anyone interested in following up on this topic
to write a specification for such an API and get it implemented in
browsers. It doesn't have to be part of HTML, as it is really an
independent specification.

> Of course, the other big question is whether it's worth trying to
> standardise this <keygen> tag if there's no intent of support from major
> browser vendors (I have IE in mind here).

Pages depend on one of two mechanisms. We can specify either one. The
first is <keygen>. The second is ActiveX and the Win32 API.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'