>And if you want a really detailed client-side smartcard provision you >could already implement this with a Java applet doing exactly what you want.
The reason why I brought this to begin with is because this is what in fact the *majority* of big PKI deployments (0.5M and up) using "soft certificates" do. ><keygen> is not one of the main problems. I'm pretty sure that <keygen> will die in phones, where on-line provisioning is not an esoteric "workaround", but rather more or less a *prerequisite*. What's more. A "<keygen>++" would help much either. You need a "P11++" and a "Card++" as well. Yes, you need "requirements", something the HTML5 WG apparantly do not consider an issue :-) Would you and Nelson like to bet on this? I mean, could we come back in 5 years and see if <keygen> actually "lives"? I plan to "kill" it next year already so I'm interested :-) Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
