Re: <keygen> element from Sam Ruby on 2009-09-02 (public-html@w3.org from September 2009)

From: Sam Ruby <rubys@intertwingly.net>
Date: Wed, 02 Sep 2009 07:41:44 -0400
To: Maciej Stachowiak <mjs@apple.com>
CC: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, Adrian Bateman <adrianba@microsoft.com>, HTML WG <public-html@w3.org>
Message-ID: <4A9E59F8.2080006@intertwingly.net>

Maciej Stachowiak wrote:
> 
> On Sep 2, 2009, at 1:39 AM, Anne van Kesteren wrote:
> 
>> On Wed, 02 Sep 2009 01:27:16 +0200, Maciej Stachowiak <mjs@apple.com 
>> <mailto:mjs@apple.com>> wrote:
>>> I agree with the last two paragraphs. I think the main thing is to 
>>> provide a good crypto API so we can relegate <keygen> and 
>>> browser-specific solutions to the dustbin of history.
>>
>> If dustbin of history means everyone removes their implementation we 
>> could remove the documentation as well I suppose. However, if Gecko 
>> and WebKit keep it I'm sure sites will continue to use it for one 
>> reason or another and we need to have it documented.
>>
>> Another reason to have it in the specification is that the 
>> implementation details of the element in Presto/Gecko/WebKit are quite 
>> different.
> 
> I don't think <keygen> should be removed from anything for now; that was 
> more of a rhetorical flourish than a specific technical recommendation. 
> But it probably wouldn't be hard to convince sites to migrate to a 
> better API if we make one. Someday it may be possible to completely 
> obsolete it.

Per previous discussion[1], I believe that it is the policy of the 
editor to remove features that any browser that has notable market share 
do not intend to support, and then work to come up with solutions that 
everybody would agree to.

table@summary does something in JAWS and some other UAs, but has issues, 
the PF Working Group hopes to someday completely obsolete it, isn't 
described in the spec, and any uses produces a warning.

keygen does something in Gecko and some other UAs, has issues, likely 
will never be implemented in IE, the HTML WG hopes to someday completely 
obsolete it, is described in the spec, and uses currently produce no 
warning.

Per the discussion on issue 53, I believe that table@summary should be 
described even if is recommended against, but at the very least it seems 
to me that keygen should get no more favorable treatment than 
table@summary.  Therefore, if table@summary remains as it is, the 
description for keygen should be removed, and uses of keygen should 
produce a warning.

I've open a bug report on the lack of a warning, but with the full text 
above:

http://www.w3.org/Bugs/Public/show_bug.cgi?id=7480

> Regards,
> Maciej

- Sam Ruby

[1] http://lists.w3.org/Archives/Public/www-archive/2009Jul/0075.html

Received on Wednesday, 2 September 2009 11:42:28 UTC