[whatwg] <keygen> and X509 client cert mime type

henry.story at bblfish.net henry.story at bblfish.net
Wed Feb 26 01:49:42 PST 2014

So in summary:

 (1) most browsers currently understand the mime types 
     (a) application/x-x509-user-cert 
     (b) application/x-x509-ca-cert 
     (c) application/x-x509-email-cert
   ( I have only verified (a) btw. I am assuming the others also support (b) and (c) )
   as specified here

  (2) the above mime types are not registered
   So really either the old mime types should be registered, or they should be mentioned as being
 in use but deprecated and people should be guided towards the application/pkix-cert 

On 25 Feb 2014, at 15:01, henry.story at bblfish.net wrote:

> Hi,
>  The keygen form element does a great job of specifying how the browser
> creates a public/private key pair, stores the private key in it's local
> keystore. 
> "When the control's form is submitted, the private key is stored in the local keystore,
> and the public key is packaged and sent to the server."
> It is clear that the intention is for the server to send back a certificate built 
> from the public key. What I can't find is what the mime type of the returned 
> certificate should be. I have been using `application/x-x509-user-cert` which 
> seems to work for Safari, Firefox, Opera . But I think that is not an officially
> supported certificate type. application/pkix-cert seems to be that after looking it
> up on iana.
> I ended up posting a bug report for Android on that.
>  http://code.google.com/p/android/issues/detail?id=66342
> But now I have to check for each browser which is the type all browsers support.
> To avoid people having to do this research again and again, perhaps it would
> be worth specifying a mime type that all browsers do/must support in the HTML5
> spec?
>   Henry
> Social Web Architect
> http://bblfish.net/

Social Web Architect

More information about the whatwg mailing list