On Fri, Apr 30, 2010 at 7:02 PM, Boris Zbarsky <bzbar...@mit.edu> wrote: >> But maybe you are right. The html5 spec is already blown up with stuff >> nobody will ever use (keygen?) enough. > > Amusingly enough, keygen is something I use once a year or so (when my user > certificate expires), and something that MIT students need to use to, say, > register for classes (or view their grades, deal with bursar's office stuff > online, etc, etc). See https://ca.mit.edu/ca/certgen (though that will > likely require a login... that you may not have). See > http://ist.mit.edu/services/certificates for the various documentation.
I haven't heard anyone saying anything good about keygen. It's basically universally agreed to suck. However since there is no alternative currently, many sites that deal with security stuff, such as banks, use it. So not many sites use it, but they tend to be sites that users really want to use. If someone steps up and comes up with a good alternative, likely something like a JS API for crypto and certs, then browsers will likely be fine with removing the current implementation as soon as sites start using the new API. This can probably happen relatively quickly given that these sites are well maintained. At that point it can be removed from the spec. / Jonas
