Looking over <http://dev.w3.org/html5/spec/the-keygen-element.html>, what is there to prevent a client-side script from removing the keygen element from the DOM and replacing it with an attacker's key? One presumes that the "challenge" attribute was intended to overcome such threats, but the malicious script can read the challenge value and generate/sign its own key accordingly.
Perhaps the browser should provide keys generated by <keygen> to the server in an HTTP header that cannot be accessed/manipulated by client-side script? -- Alan
