On 2015-02-14 22:33, Tony Arcieri wrote:
Keygen was created in the absence of a good user experience story. X.509 client certificates are already extremely problematic from a UX perspective, and <keygen> just makes it worse with a confusing onboarding workflow.
This posting was really about the lack of accepted standards for certificate enrollment and why it is pointless waiting for such standards. What's needed is a way for third parties creating add-ons to browsers that (for example) can enroll certificates, which seems like a task (or interest at least) for the people who participated in:
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop

X.509 client certificates are indeed associated with bad UXs, but the true culprits are the extremely dated underpinning systems, which do not support any kind of user-oriented meta-data like icons.

Here is an example of a system in development requiring tons of features outside of what "keygen" & friends offer:
http://webpki.org/papers/decentralized-payments.pdf

X.509 client certificates as if Steve Jobs had designed them? :-)

Anders

I will note that Microsoft is supporting U2F in Windows 10.

On Fri, Feb 13, 2015 at 11:43 PM, Anders Rundgren <[email protected]> wrote:

Microsoft haven't implemented HTML5's keygen in spite of being a "standard". The same is valid for iOS. This makes the use of X.509 certificates quite quirky.

What's the way ahead then? Since the world [apparently] is divided, a better path could be to offer a web interface that allows you to implement the "keygen" you want.

You see a pattern here? No?

Anders

--
Tony Arcieri
