Re: removing keygen from HTML

On Tue, 31 May 2016, at 10:04, Harry Halpin wrote:
> I do not know anyone from the cryptographic or security community that
> would support keeping <keygen>. Indeed, the default response from the
> security/crypto community would be to drop <keygen> due to legacy
> usage of MD5 and violation of security boundaries (SOP).
That would also be my response if I was employed by the NSA and wanted
to prevent technologies that allow user controlled strong cryptography
and decentralized networks of trust (as enabled by webId).
 
Cheers,
Reto
 
 

Received on Tuesday, 31 May 2016 11:40:29 UTC