- From: <bugzilla@jessica.w3.org>
- Date: Wed, 07 Oct 2015 08:59:45 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=13518
bblfish <henry.story@bblfish.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|NEEDSINFO |---
--- Comment #4 from bblfish <henry.story@bblfish.net> ---
The reason given for closing this issue is that this type of functionality
would be taken over by WebCrypto JS APIs. That WG finished its work, but
without filling the gap that the keygen functionality enabled.
To be more precise the JS Crypto API work does not provide a standard way for
the browser to create public private keys in such a way that both the following
hold:
1. it is safe from the origin that generated the key so that the user agent's
keystore is the only one to have access to the private key
2. the generated key is then useable across origins through browser enabled
user mediation [2] for authentication
The irresolution of this issue was then used by a number of browsers ( see
thread on blink-dev mailing list) as a reason to remove the <keygen>
functionality, which was then used as a reason by the WHATWG to deprecate it
[3] .
[1] http://www.w3.org/TR/WebCryptoAPI/
[2] http://w3c.github.io/webappsec-credential-management/#user-mediation
https://github.com/whatwg/html/issues/102
[3] https://github.com/whatwg/html/issues/102
--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Wednesday, 7 October 2015 08:59:59 UTC