We started putting a wiki page together for this that will be kept up
to date here:
http://esw.w3.org/topic/foaf+ssl
Henry
On 9 Jan 2009, at 00:28, Story Henry wrote:
Dear WhatWG,
I just subscribed to this list having noticed a thread earlier this
month on the topic of the <keygen> tag. As it happens we are working
on a protocol, foaf+ssl, where keygen turns out to be extremely useful.
It allows us to create web services to give people very secure
certificates which can then be used to build a secure distributed
social network based on a web of trust.
The foaf+ssl protocol works, as it happens, with most existing
browsers - though we have not done a detailed study of this yet (if
people could help this would be greatly appreciated). The protocol
is summarized here:
http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html
And you can find more on my blog at http://blogs.sun.com/bblfish .
The discussion on <keygen>, which produces spkac public keys which it
sends to the server, can be found on the foaf-protocols mailing list
archive under 'spkac':
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/date.html
To tell you the truth I just discovered this tag recently myself,
wrote some code to test that it worked, found it to work on Opera,
Netscape, and Firefox, though it works slightly differently on each
platform.
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-January/000153.html
I also put up a page on Wikipedia:
http://en.wikipedia.org/wiki/Spkac
So please do keep the tag, and perhaps work on making it easier to
work with.
Henry
Blog: http://blogs.sun.com/bblfish
Ian Hickson wrote on January 6 2009:
Over the years, several people (most of them bcc'ed) have asked for
HTML5 to include a definition of <keygen>. Some have even gone as
far as finding documentation on the element -- thank you. As I
understand it based on the documentation, <keygen> basically
generates a public/private asymmetric cryptographic key pair, and
then sends the public component as its form value. Unfortunately,
this seems completely and utterly useless, as at no point does
there seem to be any way to ever use the private component either
for signing or for decrypting anything, nor does there appear to be
a way to use the certificate for authentication. Without further
information along these lines describing how to actually make
practical use of the element, I do not intend to document <keygen>
in the HTML5 specification. If anyone can fill in these holes that
would be very helpful.
Cheers,