Re: <keygen> element from Maciej Stachowiak on 2009-09-07 (public-html@w3.org from September 2009)

From: Maciej Stachowiak <mjs@apple.com>
Date: Sun, 06 Sep 2009 19:05:39 -0700
To: Sam Ruby <rubys@intertwingly.net>
Cc: Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, Lachlan Hunt <lachlan.hunt@lachy.id.au>, HTML WG <public-html@w3.org>
Message-id: <083278CC-66E8-4D79-B9F4-F881EF9A8EB8@apple.com>

On Sep 6, 2009, at 3:58 AM, Sam Ruby wrote:

> Maciej Stachowiak wrote:
>> What marking it obsolete would do is result in a conformance error  
>> on every page using it - this seems orthogonal to Microsoft's  
>> concern, and at least to me it seems unhelpful. But perhaps you  
>> have some different concerns that would be addressed by making  
>> keygen obsolete.
>
> While error might be overkill, unless the expectation is that this  
> element will be universally implemented, a warning does seem in order.

A warning would be acceptable, but all it could really tell you is to  
make sure your page has an alternate solution for IE. For now at  
least, it could not point you to a solution that works cross-browser.  
(Aside: if one thinks a warning for an everyone-but-IE feature has  
significant value, then that would imply IE's refusal to implement has  
significant interoperability cost. I personally don't think either is  
true.)

If we had a superior cross-browser solution ready, then obsoleting  
would undoubtedly be the right way to go. I hope Mozilla and Microsoft  
strongly consider making some proposals in this area, since they have  
the experience of deploying extended crypto APIs in the browser. I can  
get Apple security experts to review proposed APIs, but we're do not  
have the expertise or bandwidth to design a brand new API from scratch

Regards,
Maciej

Received on Monday, 7 September 2009 02:06:21 UTC