- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 2 Apr 2014 00:02:51 +0000 (UTC)
- To: "henry.story@bblfish.net" <henry.story@bblfish.net>
- Cc: whatwg@whatwg.org
On Tue, 25 Feb 2014, henry.story@bblfish.net wrote:
>
> The keygen form element does a great job of specifying how the browser
> creates a public/private key pair, stores the private key in its local
> keystore.
>
> "When the control's form is submitted, the private key is stored in the
> local keystore, and the public key is packaged and sent to the server."
>
> It is clear that the intention is for the server to send back a
> certificate built from the public key. What I can't find is what the
> mime type of the returned certificate should be. I have been using
> `application/x-x509-user-cert` which seems to work for Safari, Firefox,
> Opera. But I think that is not an officially supported certificate
> type. application/pkix-cert seems to be that after looking it up on
> IANA.
>
> I ended up posting a bug report for Android on that.
> http://code.google.com/p/android/issues/detail?id=66342
>
> But now I have to check for each browser which is the type all browsers
> support. To avoid people having to do this research again and again,
> perhaps it would be worth specifying a mime type that all browsers
> do/must support in the HTML5 spec?

On Wed, 26 Feb 2014, henry.story@bblfish.net wrote:
>
> (1) most browsers currently understand the mime types
>   (a) application/x-x509-user-cert
>   (b) application/x-x509-ca-cert
>   (c) application/x-x509-email-cert
>   (I have only verified (a) btw. I am assuming the others also support (b) and (c))
>   as specified here
>   https://wiki.mozilla.org/CA:Certificate_Download_Specification
>
> (2) the above mime types are not registered
>   http://www.iana.org/assignments/media-types/media-types.xhtml
>
> So really either the old mime types should be registered, or they should
> be mentioned as being in use but deprecated and people should be guided
> towards the application/pkix-cert

I wouldn't worry too much about registered vs not registered. If the
registry doesn't match the implementations, the registry is buggy.

On the other hand, I also don't want to get into the business of
specifying this stuff myself. I've added a link to the above MDN page to
the keygen section. If there is ever something more canonical (and yet
still useful and accurate), let me know and I'll update the spec.

Cheers,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 2 April 2014 00:03:16 UTC