- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 22 Feb 2016 16:24:09 -0800
- To: Mitar <mmitar@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
You don't *need* a certificate to sign. WebCrypto is enough.

On 22 February 2016 at 15:27, Mitar <mmitar@gmail.com> wrote:
> Hi!
>
> I tried some more information about the lack of APIs to access client
> certificates from the web applications, and found this position paper:
>
> https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/Using_the_W3C_WebCrypto_API_for_Document_Signing.html
>
> But not much more. I wonder why there is no API to really do something
> useful with those certificates inside web applications. There is
> <keygen> HTML tag to generate it, but there is no <keysign> for
> example that one could sign the content of the form.
>
> I know that some European countries use state-provided certificates to
> their citizens, but the lack of APIs in browsers requires them to use
> special extensions, which complicate their use even more. Is it
> possible that the lack of relevant APIs is because client side
> certificates have not found mainstream use in industry?
>
> What should be done to move this further? Maybe create <keysign> tag,
> maybe allow getting key for signing to be used by web crypto API?
>
>
> Mitar
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
>
Received on Tuesday, 23 February 2016 00:24:44 UTC
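
As an added example (not code from this thread or from either participant), the sketch below signs a form's content with nothing but a WebCrypto key pair and then verifies it from the exported public key. The field names, values and helper function names are constructed for illustration; the signature proves possession of the key only, because no certificate ties that key to a person.

```javascript
// Added example; form fields and helper names are constructed, not from the thread.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const { webcrypto } = await import('node:crypto'); // fallback for older Node
  return webcrypto.subtle;
}

const CURVE = { name: 'ECDSA', namedCurve: 'P-256' };
const ECDSA = { name: 'ECDSA', hash: 'SHA-256' };

// Deterministic encoding: sorted [name, value] pairs, so signer and verifier
// hash the same bytes regardless of field order.
function canonicalize(fields) {
  const pairs = Object.keys(fields).sort().map((k) => [k, String(fields[k])]);
  return new TextEncoder().encode(JSON.stringify(pairs));
}

// extractable=false: page script can sign with the private key but not read it.
async function generateSigningKey() {
  const subtle = await getSubtle();
  return subtle.generateKey(CURVE, false, ['sign', 'verify']);
}

async function signForm(privateKey, fields) {
  const subtle = await getSubtle();
  return new Uint8Array(await subtle.sign(ECDSA, privateKey, canonicalize(fields)));
}

// The verifier needs only the public JWK. Nothing in it says who holds the
// private key; binding key to identity is left to the relying party.
async function verifyForm(publicJwk, fields, signature) {
  const subtle = await getSubtle();
  const key = await subtle.importKey('jwk', publicJwk, CURVE, false, ['verify']);
  return subtle.verify(ECDSA, key, signature, canonicalize(fields));
}

async function demo() {
  const subtle = await getSubtle();
  const { privateKey, publicKey } = await generateSigningKey();
  const publicJwk = await subtle.exportKey('jwk', publicKey);
  const form = { amount: '100.00', payee: 'Example Ltd', memo: 'invoice 42' };
  const reordered = { payee: 'Example Ltd', memo: 'invoice 42', amount: '100.00' };
  const signature = await signForm(privateKey, form);
  return {
    privateExtractable: privateKey.extractable,
    signatureLength: signature.length, // raw r||s for P-256
    valid: await verifyForm(publicJwk, form, signature),
    reordered: await verifyForm(publicJwk, reordered, signature),
    tampered: await verifyForm(publicJwk, { ...form, amount: '900.00' }, signature),
  };
}
```

Calling `demo()` resolves to an object whose `valid` and `reordered` fields are true and whose `tampered` field is false.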