W3C home > Mailing lists > Public > public-credentials@w3.org > September 2015

Re: <keygen>

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sun, 06 Sep 2015 06:04:48 +0000
Message-ID: <CAM1Sok2WhoRHQqRpQReVkdrX_gJce4tCMK3SPi_WeAHHTfsbXw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webid@w3.org, W3C Credentials Community Group <public-credentials@w3.org>
On 15:02, Sun, 06/09/2015 Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

On 2015-09-06 04:28, Timothy Holborn wrote:
> Is there any good reason why <keygen> should no longer be supported?

If you look a bit deeper into the thread, it is rather X.509 certificates
for user authentication on the Web that is questioned.   Removing <keygen>
is
a first step for removing the rest.


Is there a security problem that means it should never be used?

If not; Does leaving it in, create any compatibility issues with anything
new?


BTW, Microsoft's new Browser "Edge" has (as far as I understand) already
removed
support for Web-based enrollment since CertEnroll builds on ActiveX which
also is removed.
For enterprise enrollment Microsoft has never relied on the Web

Anders

>
> I get having alternatives, thinking its good for flexibility and
innovation yet
 > bit like religions, conscription of a particular method isn't the best
option.
>
> So I haven't got clarity as to why it needs to be depreciated, regardless
of any other emerging alternatives...
>
> Can someone enlighten me?
>
> Tim.h.
>
Received on Sunday, 6 September 2015 06:05:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:25 UTC