
Re: [WebCrypto.Next] Support for HTML5's "keygen" in Windows and iOS

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 15 Feb 2015 07:51:25 +0100
Message-ID: <54E041ED.9080905@gmail.com>
To: Tony Arcieri <bascule@gmail.com>
CC: "public-web-security@w3.org" <public-web-security@w3.org>

On 2015-02-14 22:33, Tony Arcieri wrote:
> Keygen was created in the absence of a good user experience story. X.509 client certificates are already extremely problematic from a UX perspective, and <keygen> just makes it worse with a confusing onboarding workflow.

This posting was really about the lack of accepted standards for certificate enrollment and why it is pointless waiting for such standards.

What's needed is a way for third parties creating add-ons to browsers that (for example) can enroll certificates, which seems like a task (or interest at least) for the people who participated in:
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop

X.509 client certificates are indeed associated with bad UXs, but the true culprits are the extremely dated underpinning systems which do not support any kind of user-oriented meta-data like icons. Here is an example of a system in development requiring tons of features outside of what "keygen" & friends offer:
http://webpki.org/papers/decentralized-payments.pdf

X.509 client certificates as if Steve Jobs had designed them?  :-)

Anders

>
> I will note that Microsoft is supporting U2F in Windows 10
>
> On Fri, Feb 13, 2015 at 11:43 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
>     Microsoft haven't implemented HTML5's keygen in spite of it being a "standard".
>     The same is valid for iOS.
>
>     This makes the use of X.509 certificates quite quirky.
>
>     What's the way ahead then?  Since the world [apparently] is divided a better path
>     could be to offer a web interface that allows you to implement the "keygen" you want.
>
>     You see a pattern here?  No?
>
>     Anders
>
> -- 
> Tony Arcieri
Received on Sunday, 15 February 2015 06:52:13 UTC
