[foaf-protocols] keygen substitute for Windows?

Kingsley Idehen kidehen at openlinksw.com
Tue Jan 19 17:26:30 CET 2010


Story Henry wrote:
> [SNIP]
> I think there should be a strong preference for declarative ways of doing things if possible, ie to use HTML tags. Moving over to javascript has always seemed to me to be breaking one foundational element of the web.
>
> As proof of the advantage of this way of working: the keygen tag has functioned across browser generations without change (I think).
>
> Microsoft's ActiveX component on the other hand (as I understand required the calling of a Windows specific binary technology! The naming of a dll. This meant that when they changed the dll code that was written for browsers also had to change!
>
> http://msdn.microsoft.com/en-us/library/bb931379%28VS.85%29.aspx
>
> [[
> Prior to Windows Vista, the Certificate Enrollment Control was implemented in Xenroll.dll. The Xenroll.dll library has been removed from the operating system and replaced by CertEnroll.dll.]]
>
> The web is described with no reference to CPU architecture. I am seriously against bringing such low level aspects into day to day web programming. 
>   
Amen!

We must protect the purity of the Web's Open Architecture. No leaks into 
platform specificity, ever!
>   
>> 2. The SPKAC format seems to be a legacy format. It doesn't really allow 
>> to convey much information that CAs would expect, unlike other formats 
>> used by the more modern APIs [3][4]. Perhaps it would be better to use 
>> one of the newer formats instead. This might break the compatibility 
>> with the pre-HTML 5 use of <keygen> (maybe another name than <keygen> in 
>> HTML5 would be better?).
>>     
>
> Perhaps extensions to keygen would be an interesting idea. 
> At least it is document now.
>
>   
>> Of course, the other big question is whether it's worth trying to 
>> standardise this <keygen> tag if there's no intent of support from major 
>> browser vendors (I have IE in mind here).
>>     
>
> There are 3 browser vendors that have implemented it. That is enough of a precedent to standardise. If one browser vendor requires people to use binaries that tie people to their platform, it seems that it is quite clear what the reasons for that may be, and those reasons have in the past been deemed legally condemnable by both US and EU courts. Let us rather assume that that vendor decided to pursue that activity due to lack of standardisation in this space. 
>   
Nothing more to add, very well stated !!


Kingsley
> Henry
>
>   
>> Best wishes,
>>
>> Bruno.
>>
>>
>> [1] https://developer.mozilla.org/en/GenerateCRMFRequest
>> [2] http://msdn.microsoft.com/en-us/library/aa374863%28VS.85%29.aspx
>> [3] http://tools.ietf.org/html/rfc2986
>> [4] http://tools.ietf.org/html/rfc4211
>>     
>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
>   


-- 


Regards,

Kingsley Idehen	      Weblog: http://www.openlinksw.com/blog/~kidehen
President & CEO 
OpenLink Software     Web: http://www.openlinksw.com






More information about the foaf-protocols mailing list