Re: removing keygen from HTML

FYI,

Some folks are using <keygen>, although I think everyone has been notified
of the upcoming deprecation quite a while ago and so hopefully are
preparing for a post-<keygen> world if they use client certs in the browser
outside of TLS (such as for authentication). One deployment, MIT is working
to moving to OpenID with Duo two-factor.

It has been requested not to remove it until the replacement is ready, and
I think WebAuthn fulfils the requirements in a way that is coherent with
the Web Security Model.

Here's the WebAuthn schedule - so thus, one-factor cryptographic
authentication should be working across most browsers later in the year, as
early as October. So far, the Working Group has been moving very fast.

https://lists.w3.org/Archives/Public/public-webauthn/2016May/0213.html

Schedule:
We're aiming to reach Recommendation by February 2017, when the group's
charter ends. We agreed (with an ongoing CfC on the mailing list) to
publish a First Public Working Draft from the current Editors' Draft.
The plan:
* May: FPWD
* June: WD-01, a feature complete Working Draft
* July-Aug: Further issue resolution and Wide Review;
 additional WDs as needed
* September (TPAC): Candidate Recommendation, features stable
* Oct-Nov: Implementation and testing
* December: Proposed Recommendation
* January '17: Advisory Committee Review (4 weeks)
* February '17: Recommendation

   cheers,
       harry

On Sun, May 29, 2016 at 11:40 PM, Chaals McCathie Nevile <
chaals@yandex-team.ru> wrote:

> Hi folks,
>
> there is an open issue [1] and open call for consensus [2] to remove
> keygen from HTML. Since the TAG, or its members, appear to have opinions
> about our spec, we'd be grateful to hear them.
>
> cheers
>
> Chaals
>
> [1] https://github.com/w3c/html/issues/43
> [2] http://www.w3.org/mid/op.yhs220oos7agh9@widsith.local
>
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
>  chaals@yandex-team.ru - - - Find more at http://yandex.com
>
>