[whatwg] <keygen> and X509 client cert mime type

Wed Feb 26 01:49:42 PST 2014

So in summary:

 (1) most browsers currently understand the mime types 
     (a) application/x-x509-user-cert 
     (b) application/x-x509-ca-cert 
     (c) application/x-x509-email-cert
   ( I have only verified (a) btw. I am assuming the others also support (b) and (c) )
   as specified here
   https://wiki.mozilla.org/CA:Certificate_Download_Specification

  (2) the above mime types are not registered
     http://www.iana.org/assignments/media-types/media-types.xhtml

   So really either the old mime types should be registered, or they should be mentioned as being
 in use but deprecated and people should be guided towards the application/pkix-cert 

On 25 Feb 2014, at 15:01, henry.story at bblfish.net wrote:

> Hi,
> 
>  The keygen form element does a great job of specifying how the browser
> creates a public/private key pair, stores the private key in it's local
> keystore. 
> 
> "When the control's form is submitted, the private key is stored in the local keystore,
> and the public key is packaged and sent to the server."
> 
> It is clear that the intention is for the server to send back a certificate built 
> from the public key. What I can't find is what the mime type of the returned 
> certificate should be. I have been using `application/x-x509-user-cert` which 
> seems to work for Safari, Firefox, Opera . But I think that is not an officially
> supported certificate type. application/pkix-cert seems to be that after looking it
> up on iana.
> 
> I ended up posting a bug report for Android on that.
>  http://code.google.com/p/android/issues/detail?id=66342
> 
> But now I have to check for each browser which is the type all browsers support.
> To avoid people having to do this research again and again, perhaps it would
> be worth specifying a mime type that all browsers do/must support in the HTML5
> spec?
> 
>   Henry
> 
> Social Web Architect
> http://bblfish.net/
> 

Social Web Architect
http://bblfish.net/