<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.20996" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff background="">
<DIV><FONT face=Arial size=2>Maciej Stachowiak wrote:<BR></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>HTML5 is meant to specify every 
HTML feature that you need to</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>implement a browser that can 
handle the real-world Web. At this point,</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>anyone implementing a new browser 
engine would have to support &lt;keygen&gt;. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Microsoft would be unlikely to support something they 
already have a better </FONT><FONT face=Arial size=2>(and supported by every CA 
product worth mentioning) solution for. 
</FONT><FONT face=Arial size=2>This could IMO reduce the value 
of HTML5.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>In addition to that, Mozilla's generateCRMFRequest() 
is superior to &lt;keygen&gt;; </FONT><FONT face=Arial size=2>otherwise 
they wouldn't have added it, since Mozilla already had &lt;keygen&gt; 
</FONT><FONT face=Arial size=2>through their Netscape heritage.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Anyway, the existing &lt;keygen&gt; will probably 
not survive so you end up doing </FONT><FONT face=Arial size=2>a major 
redesign. One of the things that you MUST change is the </FONT><FONT 
face=Arial size=2>GUI where *users* have to select key strength. That's 
ridiculous; in </FONT><FONT face=Arial size=2>the majority of cases it is the 
*issuer* that has a policy that it tries to </FONT><FONT face=Arial 
size=2>enforce. I doubt that &lt;keygen&gt; will come out as a 
simple solution </FONT><FONT face=Arial size=2>if such considerations are taken 
into account.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>OTOH, if the motivation is rather
"elevating" Apple's *existing implementation* </FONT><FONT face=Arial
size=2>to full standard, then you are all set :-)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>However, none of this rules out
the possibility of putting more advanced</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>crypto functionality into
browsers, either via HTML or a separate spec. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I'm happy about that :-)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>So I would recommend that you
focus on promoting your preferred</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>>solution rather than opposing 
&lt;keygen&gt;.<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>I just took my experience in this field and 
explained why *I* felt that </FONT><FONT face=Arial size=2>&lt;keygen&gt; needed 
a successor.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>If WHATWG took &lt;keygen&gt; to, for example, 
IETF-PKIX, a *real* standardization effort on this minor feature could 
easily take 2-3 years to complete!</FONT></DIV>
<DIV><BR></DIV>
<DIV><FONT face=Arial size=2>Regards</FONT></DIV>
<DIV><FONT face=Arial size=2>Anders Rundgren</FONT></DIV></BODY></HTML>