W3C home > Mailing lists > Public > public-web-security@w3.org > March 2015

Re: [WebCrypto.Next] Support for HTML5's "keygen" in Windows and iOS

From: Harry Halpin <hhalpin@w3.org>
Date: Mon, 16 Mar 2015 17:12:25 +0100
Message-ID: <550700E9.1010508@w3.org>
To: public-web-security@w3.org


On 02/14/2015 10:33 PM, Tony Arcieri wrote:
> Keygen was created in the absence of a good user experience story. X.509
> client certificates are already extremely problematic from a UX
> perspective, and <keygen> just makes it worse with a confusing onboarding
> workflow.

Note <keygen> has no formally defined functionality in HTML5, but legacy
use is still defined. In particular "

This specification does not specify what key types user agents are to
support — it is possible for a user agent to not support any key types
at all." [1]

We've had this discussion several times in the past re WebCrypto's
relationship with <keygen>, and our understanding is that it is
supported as a valid tag due to legacy reasons but that's it - which is
why discussion has moved on to Web Crypto API, FIDO, and smartcards,
where there is actual interest in making progress.

Of course, if anyone else besides Anders (since he obviously supports
future work on it) feels <keygen> is mission critical for the future of
the Web, please tell us.

   cheers,
       harry


[1] http://dev.w3.org/html5/spec-preview/the-keygen-element.html


> 
> I will note that Microsoft is supporting U2F in Windows 10
> 
> On Fri, Feb 13, 2015 at 11:43 PM, Anders Rundgren <
> anders.rundgren.net@gmail.com> wrote:
> 
>> Microsoft haven't implemented HTML5's keygen in spite of being a
>> "standard".
>> The same is valid for iOS.
>>
>> This makes the use of X.509 certificates quite quirky.
>>
>> What's the way ahead then?  Since the world [apparently] is divided a
>> better path
>> could be to offer a web interface that allows you to implement the
>> "keygen" you want.
>>
>> You see a pattern here?  No?
>>
>> Anders
>>
>>
>>
>>
> 
> 
Received on Monday, 16 March 2015 16:12:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 March 2015 16:12:26 UTC