- From: Mitar <mmitar@gmail.com>
- Date: Mon, 22 Feb 2016 15:27:51 -0800
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi! I tried some more information about the lack of APIs to access client certificates from the web applications, and found this position paper: https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/Using_the_W3C_WebCrypto_API_for_Document_Signing.html But not much more. I wonder why there is no API to really do something useful with those certificates inside web applications. There is <keygen> HTML tag to generate it, but there is no <keysign> for example that one could sign the content of the form. I know that some European countries use state provided certificates to their citizens, but the lack of APIs in browsers require them to use special extensions, which complicate their use even more. Is it possible that the lack of relevant APIs is because client side certificates have not found mainstream use in industry? What should be done to move this further? Maybe create <keysign> tag, maybe allow getting key for signing to be used by web crypto API? Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m
Received on Monday, 22 February 2016 23:28:21 UTC