keygen: TLS/SSL a better way

2009-01-03 @ 17:56

i just stumbled upon this tweet from HenryStory about a little-known (to me, at least) HTML keyword: <keygen>.

this keyword can be used to prompt the browser to generate an SSL cert and pass it to the server. the server can then sign it and pass data back to the browser that will result in a fully-installed SSL cert. much easier than prompting users to walk through the maze of manually downloading and installing certs.
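The server side of that exchange, as an added example that is not from the original post: a `<keygen>` field posts a base64 SPKAC (signed public key and challenge), and the server should verify its self-signature and its challenge before signing anything. The function names, file names and nonce values are hypothetical, and `openssl spkac -key` stands in for the browser.

```shell
#!/bin/sh
# Added example (not from the original post): checks a server should make on
# a <keygen> submission before it signs a certificate for the submitted key.
# A field such as <keygen name="spkac" challenge="NONCE"> posts the SPKAC.
# Function names, file names and nonces below are hypothetical.

# make_test_spkac KEYFILE CHALLENGE OUTFILE
# Stand-in for the browser: creates a key pair and writes "SPKAC=<base64>".
# The private key never needs to leave the client side.
make_test_spkac() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl spkac -key "$1" -challenge "$2" -out "$3" 2>/dev/null
}

# spkac_challenge FILE
# Prints the challenge string embedded in the submitted SPKAC.
spkac_challenge() {
    openssl spkac -in "$1" 2>/dev/null |
        sed -n 's/^ *Challenge String: //p'
}

# check_spkac FILE EXPECTED_CHALLENGE
# Returns 0 only when both checks pass:
#   1 = malformed SPKAC or bad self-signature (no proof of key possession)
#   2 = challenge is not the one this server issued (possible replay)
check_spkac() {
    openssl spkac -in "$1" -verify -noout 2>/dev/null || return 1
    [ "$(spkac_challenge "$1")" = "$2" ] || return 2
    return 0
}

# Demo with constructed input: run as "sh script.sh demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_test_spkac "$dir/user.key" "nonce-1234" "$dir/req.spkac"
    check_spkac "$dir/req.spkac" "nonce-1234" && echo "accept: ok to sign"
    check_spkac "$dir/req.spkac" "stale-nonce" || echo "reject: code $?"
    rm -rf "$dir"
fi
```

Only after `check_spkac` succeeds would the server issue a certificate for the submitted public key and return it to the browser.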

details on this cool element are covered in a whatwg discussion thread. the real details appear in an attachment from one of the messages. below is one of the more enticing descriptions of the attachment:

"I'm sure that if more people knew about this attribute and how to use it, it would be used in a lot more areas. It can be used within big companies that rely on strong security for their employees when they want to access company data from the outside, for example mail or administrative web tools. Internet banks can also use this. They would/should only use standardized tested technology, and currently, this attribute is not fairly standardized, nor documented."

biggest bummer - IE doesn't support it. but FF, Opera, and Safari have it already implemented.

could be *very* interesting. esp. if IE got its act together and decided to support it, too.
