20861 – Should <keygen> be conforming-but-obsolete

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 20861 - Should <keygen> be conforming-but-obsolete

Summary: Should <keygen> be conforming-but-obsolete

Status:	RESOLVED WONTFIX

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	HTML5 spec (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P3 editorial
Target Milestone:	---
Assignee:	Robin Berjon
QA Contact:	HTML WG Bugzilla archive list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-04 13:44 UTC by Robin Berjon
Modified:	2015-06-17 03:12 UTC (History)
CC List:	6 users (show)

See Also:

Attachments

Description Robin Berjon 2013-02-04 13:44:02 UTC

It would appear that <keygen> could be a good candidate for filing under that category as it seems clear that at least one browser plans to never have any useful behaviour for it (beyond the required parsing/DOM) so that I don't believe we ever want new content to be using it.

Comment 1 Julian Reschke 2013-02-04 13:55:59 UTC

But that's because existomg code relies on the UA being *either* IE (-> ActiveX) or having <keygen> support, no?

Comment 2 Robin Berjon 2013-02-04 14:10:07 UTC

(In reply to comment #1)
> But that's because existomg code relies on the UA being *either* IE (->
> ActiveX) or having <keygen> support, no?

Right, but that changes nothing if the idea is that new content should not use it. Filing it as obsolete doesn't remove the existing support that relies on it, it just makes it clear that new stuff shouldn't use it.

Comment 3 Julian Reschke 2013-02-04 14:17:45 UTC

So does the spec tell authors what to use *instead*?

(/me no crypto expert, just wondering whether we made progress since this came up years ago)

Comment 4 Michael[tm] Smith 2013-02-04 14:29:24 UTC

(In reply to comment #3)
> So does the spec tell authors what to use *instead*?
> 
> (/me no crypto expert, just wondering whether we made progress since this
> came up years ago)

Eventually, the Web Cryptography API https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html though at this point we need to get implemented in more UAs

Comment 5 Henri Sivonen 2013-02-04 15:16:16 UTC

I came here to make the comments Julian already made.

(In reply to comment #4)
> Eventually, the Web Cryptography API
> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html though
> at this point we need to get implemented in more UAs

That doc says key provisioning is out of scope. <keygen> is used for CA enrollment processes.

I think we should not obsolete it without a replacement.

Comment 6 Michael[tm] Smith 2015-06-17 03:12:46 UTC

(In reply to Henri Sivonen from comment #5)
> I came here to make the comments Julian already made.
> 
> (In reply to comment #4)
> > Eventually, the Web Cryptography API
> > https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html though
> > at this point we need to get implemented in more UAs
> 
> That doc says key provisioning is out of scope. <keygen> is used for CA
> enrollment processes.
> 
> I think we should not obsolete it without a replacement.

Agreed, so moving this to resolved=wontfix.

There's been no new information on this in 2+ years and it does not seem important enough to merit being kept open for another N years with nothing happening. I can of course be re-opened if anything has changed.