On Jun 4, 2009, at 1:26 AM, Jonas Sicking wrote:
On Wed, Jun 3, 2009 at 3:52 PM, Ian Hickson <[email protected]> wrote:
On Wed, 15 Apr 2009, Anders Rundgren wrote:
Now to the really problematic stuff: <keygen> is not really an HTML
tag, it is actually 2 phases of a 3-phase key provisioning protocol.
I don't see why a protocol should be plugged into a page GUI. The
alternatives all use APIs or specific plugins that indeed may be
spawned
from an HTML page but that's something completely different.
I agree, <keygen> seems like a poor design. That's one of the
reasons I
didn't extend it in HTML5; we're just defining what it does in
browsers so
that new browsers can implement it if they want to be compatible
with the
existing browsers.
We could possibly make it non-conforming though. I don't have a strong
opinion either way, on one hand I think we want to discourage its use
since it's a pretty crappy feature, on the other hand, I'm not sure
that the people that are using it have a choice, so making it
non-conforming without providing any alternatives isn't going make
anyone stop using it.
I share your distaste for <keygen>. But I also agree that it's
unhelpful to make it nonconforming without providing an alternative.
Maybe in HTML6, if we develop a better solution in the meantime.
- Maciej
