HTML Standard Tracker

SVN: 2960
Time (UTC): 2009-04-07 03:48
Comment: [Authors] [Conformance Checkers] [Gecko] [Opera] [Webkit] First cut at defining <keygen>. Affects parser, rendering, and form submission.
@@ -37655,20 +37655,331 @@ interface <dfn>HTMLOptionElement</dfn> : <span>HTMLElement</span> {
   title="dom-textarea/input-selectionStart">selectionStart</code>,
   <code title="dom-textarea/input-selectionEnd">selectionEnd</code>,
   and <code
   title="dom-textarea/input-setSelectionRange">setSelectionRange()</code>
   methods and attributes expose the element's text selection.</p>
 
   </div>
 
 
 
+  <h4>The <dfn><code>keygen</code></dfn> element</h4>
+
+  <dl class="element">
+   <dt>Categories</dt>
+   <dd><span>Flow content</span>.</dd>
+   <dd><span>Phrasing content</span>.</dd>
+   <dd><span>Interactive content</span>.</dd>
+   <dd><span title="category-listed">Listed</span>, <span title="category-label">labelable</span>, <span title="category-submit">submittable</span>, and <span title="category-reset">resettable</span> <span>form-associated element</span>.</dd>
+   <dt>Contexts in which this element may be used:</dt>
+   <dd>Where <span>phrasing content</span> is expected.</dd>
+   <dt>Content model:</dt>
+   <dd>Empty.</dd>
+   <dt>Content attributes:</dt>
+   <dd><span>Global attributes</span></dd>
+   <dd><code title="attr-fe-autofocus">autofocus</code></dd>
+   <dd><code title="attr-keygen-challenge">challenge</code></dd>
+   <dd><code title="attr-fe-disabled">disabled</code></dd>
+   <dd><code title="attr-fae-form">form</code></dd>
+   <dd><code title="attr-keygen-keytype">keytype</code></dd>
+   <dd><code title="attr-fe-name">name</code></dd>
+   <dt>DOM interface:</dt>
+   <dd>
+<pre class="idl">interface <dfn>HTMLKeygenElement</dfn> : <span>HTMLElement</span> {
+           attribute boolean <span title="dom-fe-autofocus">autofocus</span>;
+           attribute DOMString <span title="dom-keygen-challenge">challenge</span>;
+           attribute boolean <span title="dom-fe-disabled">disabled</span>;
+  readonly attribute <span>HTMLFormElement</span> <span title="dom-fae-form">form</span>;
+           attribute DOMString <span title="dom-keygen-keytype">keytype</span>;
+           attribute DOMString <span title="dom-fe-name">name</span>;
+
+  readonly attribute DOMString <span title="dom-keygen-type">type</span>;
+
+  readonly attribute boolean <span title="dom-cva-willValidate">willValidate</span>;
+  readonly attribute <span>ValidityState</span> <span title="dom-cva-validity">validity</span>;
+  readonly attribute DOMString <span title="dom-cva-validationMessage">validationMessage</span>;
+  boolean <span title="dom-cva-checkValidatity">checkValidity</span>();
+  void <span title="dom-cva-setCustomValidity">setCustomValidity</span>(in DOMString error);
+
+  readonly attribute <span>NodeList</span> <span title="dom-lfe-labels">labels</span>;
+};</pre>
+   </dd> 
+  </dl>
+
+  <p>The <code>keygen</code> element <span>represents</span> a key
+  pair generator control. When the control's form is submitted, the
+  private key is stored in the local keystore, and the public key is
+  packaged and sent to the server.</p>
+
+  <p>The <dfn
+  title="attr-keygen-challenge"><code>challenge</code></dfn> attribute
+  may be specified. Its value will be packaged with the submitted
+  key.</p>
+
+  <p>The <dfn title="attr-keygen-keytype"><code>keytype</code></dfn>
+  attribute is an <span>enumerated attribute</span>. The following
+  table lists the keywords and states for the attribute &mdash; the
+  keywords in the left column map to the states listed in the cell in
+  the second column on the same row as the keyword.</p>
+
+  <table>
+   <thead> <tr> <th> Keyword <th> State
+   <tbody>
+    <tr>
+     <td> <code title="">rsa</code>
+     <td> <i title="">RSA</i>
+  </table>
+
+  <p>The <i>invalid value default</i> state is the <i
+  title="">unknown</i> state. The <i>missing value default</i> state
+  is the <i title="">RSA</i> state.</p>
+
+  <div class="impl">
+
+  <p>The user agent may expose a user interface for each
+  <code>keygen</code> element to allow the user to configure settings
+  of the element's key pair generator, e.g. the key length.</p>
+
+  <p>The <span title="concept-form-reset-control">reset
+  algorithm</span> for <code>keygen</code> elements is to set these
+  various configuration settings back to their defaults.</p>
+
+  <p>The element's <span title="concept-fe-value">value</span> is the
+  string returned from the following algorithm:</p>
+
+  <!-- XXXrefs:
+    [X690] http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+  -->
+
+  <ol>
+
+   <li>
+
+    <p>Use the appropriate step from the following list:</p>
+
+    <dl class="switch">
+
+     <!--
+
+     <dt>If the <code title="attr-keygen-keytype">keytype</code>
+     attribute is in the <i title="">EC</i> state</dt>
+
+     <dd>
+
+      <p>...
+
+     </dd>
+
+     http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg05902.html
+
+     -->
+
+     <dt>If the <code title="attr-keygen-keytype">keytype</code>
+     attribute is in the <i title="">RSA</i> state</dt>
+
+     <dd>
+
+      <p>Generate an RSA key pair using the settings given by the
+      user, if appropriate.</p>
+
+      <p>Select an RSA signature algorithm from those listed in
+      section 7.2.1 ("RSA Signature Algorithm") of RFC2459. <a
+      href="#refsRFC2459">[RFC2459]</a></p>
+
+     </dd>
+
+     <dt>Otherwise, the <code
+     title="attr-keygen-keytype">keytype</code> attribute is in the <i
+     title="">unknown</i> state</dt>
+
+     <dd>
+
+      <p>The given key type is not supported. Return the empty string
+      and abort this algorithm.</p>
+
+     </dd>
+
+    </dl>
+
+    <p>Let <var title="">private key</var> be the generated private key.</p>
+
+    <p>Let <var title="">public key</var> be the generated public key.</p>
+
+    <p>Let <var title="">signature algorithm</var> be the selected
+    signature algorithm.</p>
+
+   </li>
+
+   <li>
+
+    <p>If the element has a <code
+    title="attr-keygen-challenge">challenge</code> attribute, then let
+    <var title="">challenge</var> be that attribute's value.
+    Otherwise, let <var title="">challenge</var> be the empty
+    string.</p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">algorithm</var> be an ASN.1 <code
+    title="">AlgorithmIdentifier</code> structure as defined by
+    RFC2459, with the <code title="">algorithm</code> field giving the
+    ASN.1 OID used to identify <var title="">signature
+    algorithm</var>, using the OIDs defined in section 7.2 ("Signature
+    Algorithms") of RFC2459, and the <code title="">parameters</code>
+    field set up as required by RFC2459 for <code
+    title="">AlgorithmIdentifier</code> structures for that
+    algorithm. <a href="#refsX690">[X690]</a> <a
+    href="#refsRFC2459">[RFC2459]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">spki</var> be an ASN.1 <code
+    title="">SubjectPublicKeyInfo</code> structure as defined by
+    RFC2459, with the <code title="">algorithm</code> field set to the
+    <var title="">algorithm</var> structure from the previous step,
+    and the <code title="">subjectPublicKey</code> field set to the
+    BIT STRING value resulting from ASN.1 DER encoding the <var
+    title="">public key</var>. <a href="#refsX690">[X690]</a> <a
+    href="#refsRFC2459">[RFC2459]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">publicKeyAndChallenge</var> be an ASN.1
+    <code>PublicKeyAndChallenge</code> structure as defined below,
+    with the <code title="">spki</code> field set to the <var
+    title="">spki</var> structure from the previous step, and the
+    <code title="">challenge</code> field set to the string <var
+    title="">challenge</var> obtained earlier. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">signature</var> be the BIT STRING value
+    resulting from ASN.1 DER encoding the signature generated by
+    applying the <var title="">signature algorithm</var> to the byte
+    string obtained by ASN.1 DER encoding the <var
+    title="">publicKeyAndChallenge</var> structure, using <var
+    title="">private key</var> as the signing key. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">signedPublicKeyAndChallenge</var> be an ASN.1
+    <code>SignedPublicKeyAndChallenge</code> structure as defined
+    below, with the <code title="">publicKeyAndChallenge</code> field
+    set to the <var title="">publicKeyAndChallenge</var> structure,
+    the <code title="">signatureAlgorithm</code> field set to the <var
+    title="">algorithm</var> structure, and the <code
+    title="">signature</code> field set to the BIT STRING <var
+    title="">signature</var> from the previous step. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Return the result of base64 encoding the result of ASN.1 DER
+    encoding the <var title="">signedPublicKeyAndChallenge</var>
+    structure. <a href="#refsRFC3548">[RFC3548]</a><!--base64--> <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+  </ol>
+
+  <p>The data objects used by the above algorithm are defined as
+  follows. These definitions use the same "ASN.1-like" syntax defined
+  by RFC2459. <a href="#refsRFC2459">[RFC2459]</a></p>
+
+  <pre class="asn"><dfn>PublicKeyAndChallenge</dfn> ::= SEQUENCE {
+    spki <span>SubjectPublicKeyInfo</span>,
+    challenge IA5STRING
+}
+
+<dfn>SignedPublicKeyAndChallenge</dfn> ::= SEQUENCE {
+    publicKeyAndChallenge <span>PublicKeyAndChallenge</span>,
+    signatureAlgorithm <span>AlgorithmIdentifier</span>,
+    signature BIT STRING
+}</pre>
+
+  <hr>
+
+  <p><strong>Constraint validation:</strong> The <code>keygen</code>
+  element is <span>barred from constraint validation</span>.</p>
+
+  </div>
+
+  <p>The <code title="attr-fae-form">form</code> attribute is used to
+  explicitly associate the <code>keygen</code> element with its
+  <span>form owner</span>. The <code title="attr-fe-name">name</code>
+  attribute represents the element's name. The <code
+  title="attr-fe-disabled">disabled</code> attribute is used to make
+  the control non-interactive and to prevent its value from being
+  submitted. The <code title="attr-fe-autofocus">autofocus</code>
+  attribute controls focus.</p>
+
+  <dl class="domintro">
+
+   <dt><var title="">keygen</var> . <code title="attr-keygen-type">type</code></dt>
+
+   <dd>
+
+    <p>Returns the string "<code title="">keygen</code>".</p>
+
+   </dd>
+
+  </dl>
+
+  <div class="impl">
+
+  <p>The <dfn
+  title="dom-keygen-challenge"><code>challenge</code></dfn> and <dfn
+  title="dom-keygen-keytype"><code>keytype</code></dfn> DOM attributes
+  must <span>reflect</span> the respective content attributes of the
+  same name.</p>
+
+  <p>The <dfn title="dom-keygen-type"><code>type</code></dfn> DOM
+  attribute must return the value "<code title="">keygen</code>".</p>
+
+  <p>The <code title="dom-cva-willValidate">willValidate</code>, <code
+  title="dom-cva-validity">validity</code>, and <code
+  title="dom-cva-validationMessage">validationMessage</code>
+  attributes, and the <code
+  title="dom-cva-checkValidatity">checkValidity()</code> and <code
+  title="dom-cva-setCustomValidity">setCustomValidity()</code>
+  methods, are part of the <span>constraint validation API</span>. The
+  <code title="dom-lfe-labels">labels</code> attribute provides a list
+  of the element's <code>label</code>s.</p>
+
+  </div>
+
+  <p class="note">This specification does not specify how the private
+  key generated is to be used. It is expected that after receiving the
+  <code>SignedPublicKeyAndChallenge</code> (SPKAC) structure, the
+  server will generate a client certificate and offer it back to the
+  user for download; this certificate, once downloaded and stored in
+  the key store along with the private key, can then be used to
+  authenticate to services that use SSL and certificate
+  authentication.</p>
+
+
+
   <h4>The <dfn><code>output</code></dfn> element</h4>
 
   <dl class="element">
    <dt>Categories</dt>
    <dd><span>Flow content</span>.</dd>
    <dd><span>Phrasing content</span>.</dd>
    <dd><span title="category-listed">Listed</span> and <span title="category-reset">resettable</span> <span>form-associated element</span>.</dd>
    <dt>Contexts in which this element may be used:</dt>
    <dd>Where <span>phrasing content</span> is expected.</dd>
    <dt>Content model:</dt>
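
Review bot: Step 5 of the value algorithm puts the challenge attribute's value straight into the "challenge IA5STRING" field of PublicKeyAndChallenge, but the attribute is an unrestricted DOMString, so the text never says what the user agent does when the value contains characters an IA5 string cannot carry. Either restrict the attribute value for authors or define the conversion (or the failure case) in step 2, because step 6 signs exactly the DER bytes of this structure and the server has to reproduce them. The ASN.1 type is also conventionally written IA5String. Two smaller points in the same hunk: the domintro entry references type with title="attr-keygen-type" while the definition below uses title="dom-keygen-type" and no type content attribute is listed, so the cross-reference will not resolve; and the opening paragraph says the private key is stored in the local keystore on submission, yet no step of the algorithm stores it.
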
@@ -37743,21 +38054,21 @@ interface <dfn>HTMLOptionElement</dfn> : <span>HTMLElement</span> {
   must be the empty string.</p>
 
   <p>Whenever the element's descendants are changed in any way, if the
   <span title="concept-output-mode">value mode flag</span> is in mode
   <i title="concept-output-mode-default">default</i>, the element's
   <span title="concept-output-defaultValue">default value</span> must
   be set to the value of the element's <code>textContent</code> DOM
   attribute.</p>
 
   <p>The <span title="concept-form-reset-control">reset
-  algorithm</span> for <code>textarea</code> elements is to set the
+  algorithm</span> for <code>output</code> elements is to set the
   element's <code>textContent</code> DOM attribute to the value of the
   element's <code title="dom-output-defaultValue">defaultValue</code>
   DOM attribute (thus replacing the element's child nodes), and then
   to set the element's <span title="concept-output-mode">value mode
   flag</span> to <i
   title="concept-output-mode-default">default</i>.</p>
 
   </div>
 
   <dl class="domintro">
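
Review bot: The one-word change in the reset algorithm paragraph (textarea to output) is a copy-paste fix unrelated to keygen, and the commit comment does not mention it. The corrected wording matches the surrounding text about textContent and defaultValue; land it as its own revision or name it in the comment so it can be found later.
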
@@ -67987,21 +68298,22 @@ interface <dfn>MessagePort</dfn> {
     <p><span>Insert an HTML element</span> for the token.</p>
 
     <p>Set the <span>frameset-ok flag</span> to "not ok".</p>
 
     <p>Switch the <span>insertion mode</span> to "<span
     title="insertion mode: in table">in table</span>".</p>
 
    </dd>
 
    <dt>A start tag whose tag name is one of: "area", "basefont",
-   "bgsound", "br", "embed", "img", "input", "spacer", "wbr"</dt>
+   "bgsound", "br", "embed", "img", "input", "keygen", "spacer",
+   "wbr"</dt>
    <dd>
 
     <p><span>Reconstruct the active formatting elements</span>, if
     any.</p>
 
     <p><span>Insert an HTML element</span> for the token. Immediately
     pop the <span>current node</span> off the <span>stack of open
     elements</span>.</p>
 
     <p><span title="acknowledge self-closing flag">Acknowledge the
@@ -68113,29 +68425,20 @@ interface <dfn>MessagePort</dfn> {
     first stream of characters must be the same string as given in
     that attribute, and the second stream of characters must be
     empty. Otherwise, the two streams of character tokens together
     should, together with the <code>input</code> element, express the
     equivalent of "This is a searchable index. Insert your search
     keywords here: (input field)" in the user's preferred
     language.</p>
 
    </dd>
 
-<!-- XXX keygen support; don't forget form element pointer!
-     Search for 'keygen' elsewhere in the spec when doing this.
-
-   <dt>A start tag whose tag name is "keygen"</dt>
-   <dd>
-    ...
-   </dd>
--->
-
    <dt>A start tag whose tag name is "textarea"</dt>
    <dd>
 
     <ol>
 
      <li><p><span>Insert an HTML element</span> for the
      token.</p></li>
 
      <li><p>If the next token is a U+000A LINE FEED (LF) character
      token, then ignore that token and move on to the next
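
Review bot: The deleted XXX comment carried the reminder "don't forget form element pointer!", and none of the parser lines this diff adds mention the form element pointer: keygen is only appended to the "area" ... "wbr" start-tag list, whose visible steps are reconstruct, insert and pop. Since the element is declared a listed, submittable form-associated element, please confirm that "Insert an HTML element" already associates it with its form owner in the same way as for "input", which shares that list, and record that in the commit comment; otherwise the reminder should stay.
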
@@ -68325,24 +68628,23 @@ interface <dfn>MessagePort</dfn> {
     <span>insertion mode</span> to "<span title="insertion mode: in
     foreign content">in foreign content</span>".</p>
 
    </dd>
 
    <dt>A start <!--or end--> tag whose tag name is one of: "caption",
    "col", "colgroup", "frame", "head", "tbody", "td", "tfoot", "th",
    "thead", "tr"</dt>
    <!--<dt>An end tag whose tag name is one of: "area", "base",
    "basefont", "bgsound", "command", "embed", "hr", "iframe", "image",
-   "img", "input", "isindex", "link", "meta", "noembed", "noframes",
-   "param", "script", "select", "source", "spacer", "style", "table",
-   "textarea", "title", "wbr"</dt>--> <!-- add keygen if we add the
-   start tag -->
+   "img", "input", "isindex", "keygen", "link", "meta", "noembed",
+   "noframes", "param", "script", "select", "source", "spacer",
+   "style", "table", "textarea", "title", "wbr"</dt>-->
    <!--<dt>An end tag whose tag name is "noscript", if the
    <span>scripting flag</span> is enabled</dt>-->
    <dd>
     <p><span>Parse error</span>. Ignore the token.</p>
     <!-- end tags are commented out because since they can never end
     up on the stack anyway, the default end tag clause will
     automatically handle them. we don't want to have text in the spec
     that is just an optimisation, as that detracts from the spec
     itself -->
    </dd>
@@ -70221,27 +70523,27 @@ http://lxr.mozilla.org/seamonkey/search?string=nested
         such that consecutive invocations of this algorithm serialize an
         element's attributes in the same order.</p>
 
         <p>Append a U+003E GREATER-THAN SIGN (<code title="">&gt;</code>)
         character.</p>
 
         <p>If <var title="">current node</var> is an
         <code>area</code>, <code>base</code>, <code>basefont</code>,
         <code>bgsound</code>, <code>br</code>, <code>col</code>,
         <code>embed</code>, <code>frame</code>, <code>hr</code>,
-        <code>img</code>, <code>input</code>, <code>link</code>,
-        <code>meta</code>, <code>param</code>, <code>spacer</code>, or
-        <code>wbr</code> element, then continue on to the next child
-        node at this point.</p> <!-- also, i guess: image, isindex,
-        and keygen, but we don't list those because we don't consider
-        those "elements", more "macros", and thus we should never
-        serialize them -->
+        <code>img</code>, <code>input</code>, <code>keygen</code>,
+        <code>link</code>, <code>meta</code>, <code>param</code>,
+        <code>spacer</code>, or <code>wbr</code> element, then
+        continue on to the next child node at this point.</p> <!--
+        also, i guess: image and isindex, but we don't list those
+        because we don't consider those "elements", more "macros", and
+        thus we should never serialize them -->
 
         <p>If <var title="">current node</var> is a <code>pre</code>,
         <code>textarea</code>, or <code>listing</code> element, append
         a U+000A LINE FEED (LF) character.</p>
 
         <p>Append the value of running the <span>HTML fragment
         serialization algorithm</span> on the <var title="">current
         node</var> element (thus recursing into this algorithm for
         that element), followed by a U+003C LESS-THAN SIGN (<code
         title="">&lt;</code>) character, a U+002F SOLIDUS (<code
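
Review bot: With keygen added to the serializer's list of elements that get no end tag here, and to the parser's start-tag clause earlier, no hunk in this diff touches an authoring-side list of elements that are written without an end tag. If the specification keeps such a list, it needs keygen too, since the element's content model is declared Empty; the deleted reminder to search for 'keygen' elsewhere in the spec covered this kind of follow-up.
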
@@ -71822,21 +72124,21 @@ table[rules=all] > tfoot > tr > td, table[rules=all] > tfoot > tr > th {
   instead.</p>
 
 
   <h4>Resetting rules for inherited properties</h4>
 
   <p>The following rules are also expected to be in play, resetting
   certain properties to block inheritance by default.</p>
 
   <pre class="css">@namespace url(http://www.w3.org/1999/xhtml);
 
-table, input, select, option, optgroup, button, textarea<!--, keygen --> {
+table, input, select, option, optgroup, button, textarea, keygen {
   text-indent: initial;
 }</pre>
 
   <!-- arguably, the form controls' 'text-indent' lines should be in
   the sections below instead of here, but that would be far more
   complicated than this -->
 
   <p>In <span>quirks mode</span>, the following rules are also
   expected to apply:</p>
 
@@ -72717,20 +73019,33 @@ textarea { binding: <i title="">textarea</i>; }</pre>
 
   <p>For historical reasons, if the element has a <code
   title="attr-textarea-wrap">wrap</code> attribute whose value is an
   <span>ASCII case-insensitive</span> match for the string "<code
   title="attr-textarea-wrap-off">off</code>", then the user agent is
   expected to not wrap the rendered value; otherwise, the value of the
   control is expected to be wrapped to the width of the control.</p>
 
 
 
+  <h4>The <code>keygen</code> element</h4>
+
+  <pre class="css">@namespace url(http://www.w3.org/1999/xhtml);
+
+keygen { binding: <i title="">keygen</i>; }</pre>
+
+  <p>When the <i title="">keygen</i> binding applies to a
+  <code>keygen</code> element, the element is expected to render as an
+  'inline-block' box containing a user interface to configure the key
+  pair to be generated.</p>
+
+
+
   <h3>Frames and framesets</h3>
 
   <p>When an <code>html</code> element's second child element is a
   <code>frameset</code> element, the user agent is expected to render
   the <code>frameset</code> element as described below across the
   surface of the <span>view</span>, instead of applying the usual CSS
   rendering rules.</p>
 
   <p>When rendering a <code>frameset</code> on a surface, the user
   agent is expected to use the following layout algorithm:</p>
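
Review bot: The new rendering paragraph expects the inline-block box to contain "a user interface to configure the key pair to be generated", while the element definition earlier in this diff only says the user agent "may expose a user interface". State what the box contains when the user agent offers no configurable settings, or align the two passages.
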
@@ -73835,20 +74150,21 @@ interface <dfn>TimeoutHandler</dfn> {
   Justin Sinclair,
   Kai Hendry,
   Kartikaya Gupta,
   Kristof Zelechovski,
   &#x9ed2;&#x6fa4;&#x525b;&#x5fd7; (KUROSAWA Takeshi),
   Kyle Hofmann<!-- Ozob -->,
   L&eacute;onard Bouchet,
   Lachlan Hunt,
   Larry Page,
   Lars Gunther<!-- Keryx Web -->,
+  Lars Sunberg<!-- surname uncertain -->,
   Laura L. Carlson,
   Laura Wisewell,
   Laurens Holst,
   Lee Kowalkowski,
   Leif Halvard Silli,
   Lenny Domnitser,
   Leons Petrazickis,
   Logan<!-- on moz irc -->,
   Loune,
   Maciej Stachowiak,
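
Review bot: The added entry "Lars Sunberg" carries the comment "surname uncertain". Confirm the spelling with the contributor before this lands, or track the open question somewhere more visible than an HTML comment in the acknowledgements list.
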
@@ -73974,20 +74290,21 @@ interface <dfn>TimeoutHandler</dfn> {
   Vladimir Vuki&#x0107;evi&#x0107;,
   voracity,
   Wakaba,
   Wayne Pollock,
   Wellington Fernando de Macedo,
   Will Levine,
   William Swanson,
   Wladimir Palant,
   Wolfram Kriesing,
   Yi-An Huang,
+  Yngve Nysaeter Pettersen,
   Zhenbin Xu,
   and
   &Oslash;istein E. Andersen,
 
   for their useful comments, both large and small, that have led to
   changes to this specification over the years.</p>
 
   <p>Thanks also to everyone who has ever posted about HTML5 to their
   blogs, public mailing lists, or forums, including the <a
   href="http://lists.w3.org/Archives/Public/public-html/">W3C
