Bug 20861 - Should <keygen> be conforming-but-obsolete
Should <keygen> be conforming-but-obsolete
Status: NEW
Product: HTML WG
Classification: Unclassified
Component: HTML5 spec
unspecified
PC All
: P2 normal
: ---
Assigned To: Robin Berjon
HTML WG Bugzilla archive list
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-04 13:44 UTC by Robin Berjon
Modified: 2013-02-19 13:44 UTC (History)
6 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Berjon 2013-02-04 13:44:02 UTC
It would appear that <keygen> could be a good candidate for filing under that category as it seems clear that at least one browser plans to never have any useful behaviour for it (beyond the required parsing/DOM) so that I don't believe we ever want new content to be using it.
Comment 1 Julian Reschke 2013-02-04 13:55:59 UTC
But that's because existomg code relies on the UA being *either* IE (-> ActiveX) or having <keygen> support, no?
Comment 2 Robin Berjon 2013-02-04 14:10:07 UTC
(In reply to comment #1)
> But that's because existomg code relies on the UA being *either* IE (->
> ActiveX) or having <keygen> support, no?

Right, but that changes nothing if the idea is that new content should not use it. Filing it as obsolete doesn't remove the existing support that relies on it, it just makes it clear that new stuff shouldn't use it.
Comment 3 Julian Reschke 2013-02-04 14:17:45 UTC
So does the spec tell authors what to use *instead*?

(/me no crypto expert, just wondering whether we made progress since this came up years ago)
Comment 4 Michael[tm] Smith 2013-02-04 14:29:24 UTC
(In reply to comment #3)
> So does the spec tell authors what to use *instead*?
> 
> (/me no crypto expert, just wondering whether we made progress since this
> came up years ago)

Eventually, the Web Cryptography API https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html though at this point we need to get implemented in more UAs
Comment 5 Henri Sivonen 2013-02-04 15:16:16 UTC
I came here to make the comments Julian already made.

(In reply to comment #4)
> Eventually, the Web Cryptography API
> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html though
> at this point we need to get implemented in more UAs

That doc says key provisioning is out of scope. <keygen> is used for CA enrollment processes.

I think we should not obsolete it without a replacement.