- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 6 Sep 2015 08:28:45 +0200
- To: Timothy Holborn <timothy.holborn@gmail.com>, public-webid@w3.org, W3C Credentials Community Group <public-credentials@w3.org>
On 2015-09-06 08:04, Timothy Holborn wrote: > > On 15:02, Sun, 06/09/2015 Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > On 2015-09-06 04:28, Timothy Holborn wrote: > > Is there any good reason why <keygen> should no longer be supported? > > If you look a bit deeper into the thread, it is rather X.509 certificates > for user authentication on the Web that is questioned. Removing <keygen> is > a first step for removing the rest. > > > Is there a security problem that means it should never be used? > > If not; Does leaving it in, create any compatibility issues with anything new? Personally I think we are discussing the wrong topic. Since the vendor that has 80% market share on the desktop have already removed support for their counterpart to <keygen> in Edge and made it much more difficult to use in IE11 (default turned off) there's obviously a strong vendor movement towards eventually disabling HTTPS client-certification on the Web. The reasons for this deprecation have AFAICT never been discussed in any W3C forum. As I have written numerous times, the really big users of x.509 saw this coming years ago and have nowadays turned to "Apps" which give developers much more options than a Web dictated by a small elite of fairly non-pragmatic people. Anders > > > BTW, Microsoft's new Browser "Edge" has (as far as I understand) already removed > support for Web-based enrollment since CertEnroll builds on ActiveX which also is removed. > For enterprise enrollment Microsoft has never relied on the Web > > Anders > > > > > I get having alternatives, thinking its good for flexibility and innovation yet > > bit like religions, conscription of a particular method isn't the best option. > > > > So I haven't got clarity as to why it needs to be depreciated, regardless of any other emerging alternatives... > > > > Can someone enlighten me? > > > > Tim.h. > > > >
Received on Sunday, 6 September 2015 06:30:04 UTC