On Tue, 1 Sep 2015, henry.st...@bblfish.net wrote:
> As the WhatWG only recenly moved to Github members here may not have 
> noticed that <keygen> has been deprecated.
> I opened https://github.com/whatwg/html/issues/67 to give space for the 
> discussion. It is a pitty that this was closed so quickly ( within an 
> hour ) without giving members and the public ( the users of the web ) 
> time to comment nor for their voice to be heard.
> This is a complex issue that involves many different levels of 
> expertise, and it should not be handled so lightly.

The spec just reflects implementations. The majority of implementations of 
<keygen> (by usage) have said they want to drop it, and the other major 
implementation has never supported it. The element was originally (and for 
many years) purely a mostly-undocumented proprietary extension; at the 
time it was invented, the HTML spec was edited by the W3C and the W3C did 
not add it (they only ended up speccing it in their most recent HTML spec 
because they forked the WHATWG's spec which did define it -- indeed, even 
then, it was something that W3C HTML working group members argued should 
not have been included). It was only added to the WHATWG spec because one 
of the browser vendors said they could not remove support for it due to 
usage by enterprise customers; that browser vendor is now amongst one of 
the ones wanting to drop it.

As far as I can tell, therefore, things here are working exactly as one 
should expect.

It's worth noting that <keygen> is a pretty terrible API. I recommend 
approaching the groups writing new cryptography APIs, explaining your use 
cases, and making sure they are supported in up-and-coming, more widely 
supported, more secure, and more well-thought-out APIs.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Reply via email to