HTML Standard Tracker

Diff (omit for latest revision)
Filter

Short URL: http://html5.org/r/2960

File a bug

SVNBugCommentTime (UTC)
2960[Authors] [Conformance Checkers] [Gecko] [Opera] [Webkit] First cut at defining <keygen>. Affects parser, rendering, and form submission.2009-04-07 03:48
Index: source
===================================================================
--- source	(revision 2959)
+++ source	(revision 2960)
@@ -37662,6 +37662,317 @@
 
 
 
+  <h4>The <dfn><code>keygen</code></dfn> element</h4>
+
+  <dl class="element">
+   <dt>Categories</dt>
+   <dd><span>Flow content</span>.</dd>
+   <dd><span>Phrasing content</span>.</dd>
+   <dd><span>Interactive content</span>.</dd>
+   <dd><span title="category-listed">Listed</span>, <span title="category-label">labelable</span>, <span title="category-submit">submittable</span>, and <span title="category-reset">resettable</span> <span>form-associated element</span>.</dd>
+   <dt>Contexts in which this element may be used:</dt>
+   <dd>Where <span>phrasing content</span> is expected.</dd>
+   <dt>Content model:</dt>
+   <dd>Empty.</dd>
+   <dt>Content attributes:</dt>
+   <dd><span>Global attributes</span></dd>
+   <dd><code title="attr-fe-autofocus">autofocus</code></dd>
+   <dd><code title="attr-keygen-challenge">challenge</code></dd>
+   <dd><code title="attr-fe-disabled">disabled</code></dd>
+   <dd><code title="attr-fae-form">form</code></dd>
+   <dd><code title="attr-keygen-keytype">keytype</code></dd>
+   <dd><code title="attr-fe-name">name</code></dd>
+   <dt>DOM interface:</dt>
+   <dd>
+<pre class="idl">interface <dfn>HTMLKeygenElement</dfn> : <span>HTMLElement</span> {
+           attribute boolean <span title="dom-fe-autofocus">autofocus</span>;
+           attribute DOMString <span title="dom-keygen-challenge">challenge</span>;
+           attribute boolean <span title="dom-fe-disabled">disabled</span>;
+  readonly attribute <span>HTMLFormElement</span> <span title="dom-fae-form">form</span>;
+           attribute DOMString <span title="dom-keygen-keytype">keytype</span>;
+           attribute DOMString <span title="dom-fe-name">name</span>;
+
+  readonly attribute DOMString <span title="dom-keygen-type">type</span>;
+
+  readonly attribute boolean <span title="dom-cva-willValidate">willValidate</span>;
+  readonly attribute <span>ValidityState</span> <span title="dom-cva-validity">validity</span>;
+  readonly attribute DOMString <span title="dom-cva-validationMessage">validationMessage</span>;
+  boolean <span title="dom-cva-checkValidatity">checkValidity</span>();
+  void <span title="dom-cva-setCustomValidity">setCustomValidity</span>(in DOMString error);
+
+  readonly attribute <span>NodeList</span> <span title="dom-lfe-labels">labels</span>;
+};</pre>
+   </dd> 
+  </dl>
+
+  <p>The <code>keygen</code> element <span>represents</span> a key
+  pair generator control. When the control's form is submitted, the
+  private key is stored in the local keystore, and the public key is
+  packaged and sent to the server.</p>
+
+  <p>The <dfn
+  title="attr-keygen-challenge"><code>challenge</code></dfn> attribute
+  may be specified. Its value will be packaged with the submitted
+  key.</p>
+
+  <p>The <dfn title="attr-keygen-keytype"><code>keytype</code></dfn>
+  attribute is an <span>enumerated attribute</span>. The following
+  table lists the keywords and states for the attribute &mdash; the
+  keywords in the left column map to the states listed in the cell in
+  the second column on the same row as the keyword.</p>
+
+  <table>
+   <thead> <tr> <th> Keyword <th> State
+   <tbody>
+    <tr>
+     <td> <code title="">rsa</code>
+     <td> <i title="">RSA</i>
+  </table>
+
+  <p>The <i>invalid value default</i> state is the <i
+  title="">unknown</i> state. The <i>missing value default</i> state
+  is the <i title="">RSA</i> state.</p>
+
+  <div class="impl">
+
+  <p>The user agent may expose a user interface for each
+  <code>keygen</code> element to allow the user to configure settings
+  of the element's key pair generator, e.g. the key length.</p>
+
+  <p>The <span title="concept-form-reset-control">reset
+  algorithm</span> for <code>keygen</code> elements is to set these
+  various configuration settings back to their defaults.</p>
+
+  <p>The element's <span title="concept-fe-value">value</span> is the
+  string returned from the following algorithm:</p>
+
+  <!-- XXXrefs:
+    [X690] http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+  -->
+
+  <ol>
+
+   <li>
+
+    <p>Use the appropriate step from the following list:</p>
+
+    <dl class="switch">
+
+     <!--
+
+     <dt>If the <code title="attr-keygen-keytype">keytype</code>
+     attribute is in the <i title="">EC</i> state</dt>
+
+     <dd>
+
+      <p>...
+
+     </dd>
+
+     http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg05902.html
+
+     -->
+
+     <dt>If the <code title="attr-keygen-keytype">keytype</code>
+     attribute is in the <i title="">RSA</i> state</dt>
+
+     <dd>
+
+      <p>Generate an RSA key pair using the settings given by the
+      user, if appropriate.</p>
+
+      <p>Select an RSA signature algorithm from those listed in
+      section 7.2.1 ("RSA Signature Algorithm") of RFC2459. <a
+      href="#refsRFC2459">[RFC2459]</a></p>
+
+     </dd>
+
+     <dt>Otherwise, the <code
+     title="attr-keygen-keytype">keytype</code> attribute is in the <i
+     title="">unknown</i> state</dt>
+
+     <dd>
+
+      <p>The given key type is not supported. Return the empty string
+      and abort this algorithm.</p>
+
+     </dd>
+
+    </dl>
+
+    <p>Let <var title="">private key</var> be the generated private key.</p>
+
+    <p>Let <var title="">public key</var> be the generated public key.</p>
+
+    <p>Let <var title="">signature algorithm</var> be the selected
+    signature algorithm.</p>
+
+   </li>
+
+   <li>
+
+    <p>If the element has a <code
+    title="attr-keygen-challenge">challenge</code> attribute, then let
+    <var title="">challenge</var> be that attribute's value.
+    Otherwise, let <var title="">challenge</var> be the empty
+    string.</p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">algorithm</var> be an ASN.1 <code
+    title="">AlgorithmIdentifier</code> structure as defined by
+    RFC2459, with the <code title="">algorithm</code> field giving the
+    ASN.1 OID used to identify <var title="">signature
+    algorithm</var>, using the OIDs defined in section 7.2 ("Signature
+    Algorithms") of RFC2459, and the <code title="">parameters</code>
+    field set up as required by RFC2459 for <code
+    title="">AlgorithmIdentifier</code> structures for that
+    algorithm. <a href="#refsX690">[X690]</a> <a
+    href="#refsRFC2459">[RFC2459]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">spki</var> be an ASN.1 <code
+    title="">SubjectPublicKeyInfo</code> structure as defined by
+    RFC2459, with the <code title="">algorithm</code> field set to the
+    <var title="">algorithm</var> structure from the previous step,
+    and the <code title="">subjectPublicKey</code> field set to the
+    BIT STRING value resulting from ASN.1 DER encoding the <var
+    title="">public key</var>. <a href="#refsX690">[X690]</a> <a
+    href="#refsRFC2459">[RFC2459]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">publicKeyAndChallenge</var> be an ASN.1
+    <code>PublicKeyAndChallenge</code> structure as defined below,
+    with the <code title="">spki</code> field set to the <var
+    title="">spki</var> structure from the previous step, and the
+    <code title="">challenge</code> field set to the string <var
+    title="">challenge</var> obtained earlier. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">signature</var> be the BIT STRING value
+    resulting from ASN.1 DER encoding the signature generated by
+    applying the <var title="">signature algorithm</var> to the byte
+    string obtained by ASN.1 DER encoding the <var
+    title="">publicKeyAndChallenge</var> structure, using <var
+    title="">private key</var> as the signing key. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Let <var title="">signedPublicKeyAndChallenge</var> be an ASN.1
+    <code>SignedPublicKeyAndChallenge</code> structure as defined
+    below, with the <code title="">publicKeyAndChallenge</code> field
+    set to the <var title="">publicKeyAndChallenge</var> structure,
+    the <code title="">signatureAlgorithm</code> field set to the <var
+    title="">algorithm</var> structure, and the <code
+    title="">signature</code> field set to the BIT STRING <var
+    title="">signature</var> from the previous step. <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+   <li>
+
+    <p>Return the result of base64 encoding the result of ASN.1 DER
+    encoding the <var title="">signedPublicKeyAndChallenge</var>
+    structure. <a href="#refsRFC3548">[RFC3548]</a><!--base64--> <a
+    href="#refsX690">[X690]</a></p>
+
+   </li>
+
+  </ol>
+
+  <p>The data objects used by the above algorithm are defined as
+  follows. These definitions use the same "ASN.1-like" syntax defined
+  by RFC2459. <a href="#refsRFC2459">[RFC2459]</a></p>
+
+  <pre class="asn"><dfn>PublicKeyAndChallenge</dfn> ::= SEQUENCE {
+    spki <span>SubjectPublicKeyInfo</span>,
+    challenge IA5STRING
+}
+
+<dfn>SignedPublicKeyAndChallenge</dfn> ::= SEQUENCE {
+    publicKeyAndChallenge <span>PublicKeyAndChallenge</span>,
+    signatureAlgorithm <span>AlgorithmIdentifier</span>,
+    signature BIT STRING
+}</pre>
+
+  <hr>
+
+  <p><strong>Constraint validation:</strong> The <code>keygen</code>
+  element is <span>barred from constraint validation</span>.</p>
+
+  </div>
+
+  <p>The <code title="attr-fae-form">form</code> attribute is used to
+  explicitly associate the <code>keygen</code> element with its
+  <span>form owner</span>. The <code title="attr-fe-name">name</code>
+  attribute represents the element's name. The <code
+  title="attr-fe-disabled">disabled</code> attribute is used to make
+  the control non-interactive and to prevent its value from being
+  submitted. The <code title="attr-fe-autofocus">autofocus</code>
+  attribute controls focus.</p>
+
+  <dl class="domintro">
+
+   <dt><var title="">keygen</var> . <code title="attr-keygen-type">type</code></dt>
+
+   <dd>
+
+    <p>Returns the string "<code title="">keygen</code>".</p>
+
+   </dd>
+
+  </dl>
+
+  <div class="impl">
+
+  <p>The <dfn
+  title="dom-keygen-challenge"><code>challenge</code></dfn> and <dfn
+  title="dom-keygen-keytype"><code>keytype</code></dfn> DOM attributes
+  must <span>reflect</span> the respective content attributes of the
+  same name.</p>
+
+  <p>The <dfn title="dom-keygen-type"><code>type</code></dfn> DOM
+  attribute must return the value "<code title="">keygen</code>".</p>
+
+  <p>The <code title="dom-cva-willValidate">willValidate</code>, <code
+  title="dom-cva-validity">validity</code>, and <code
+  title="dom-cva-validationMessage">validationMessage</code>
+  attributes, and the <code
+  title="dom-cva-checkValidatity">checkValidity()</code> and <code
+  title="dom-cva-setCustomValidity">setCustomValidity()</code>
+  methods, are part of the <span>constraint validation API</span>. The
+  <code title="dom-lfe-labels">labels</code> attribute provides a list
+  of the element's <code>label</code>s.</p>
+
+  </div>
+
+  <p class="note">This specification does not specify how the private
+  key generated is to be used. It is expected that after receiving the
+  <code>SignedPublicKeyAndChallenge</code> (SPKAC) structure, the
+  server will generate a client certificate and offer it back to the
+  user for download; this certificate, once downloaded and stored in
+  the key store along with the private key, can then be used to
+  authenticate to services that use SSL and certificate
+  authentication.</p>
+
+
+
   <h4>The <dfn><code>output</code></dfn> element</h4>
 
   <dl class="element">
@@ -37750,7 +38061,7 @@
   attribute.</p>
 
   <p>The <span title="concept-form-reset-control">reset
-  algorithm</span> for <code>textarea</code> elements is to set the
+  algorithm</span> for <code>output</code> elements is to set the
   element's <code>textContent</code> DOM attribute to the value of the
   element's <code title="dom-output-defaultValue">defaultValue</code>
   DOM attribute (thus replacing the element's child nodes), and then
@@ -67994,7 +68305,8 @@
    </dd>
 
    <dt>A start tag whose tag name is one of: "area", "basefont",
-   "bgsound", "br", "embed", "img", "input", "spacer", "wbr"</dt>
+   "bgsound", "br", "embed", "img", "input", "keygen", "spacer",
+   "wbr"</dt>
    <dd>
 
     <p><span>Reconstruct the active formatting elements</span>, if
@@ -68120,15 +68432,6 @@
 
    </dd>
 
-<!-- XXX keygen support; don't forget form element pointer!
-     Search for 'keygen' elsewhere in the spec when doing this.
-
-   <dt>A start tag whose tag name is "keygen"</dt>
-   <dd>
-    ...
-   </dd>
--->
-
    <dt>A start tag whose tag name is "textarea"</dt>
    <dd>
 
@@ -68332,10 +68635,9 @@
    "thead", "tr"</dt>
    <!--<dt>An end tag whose tag name is one of: "area", "base",
    "basefont", "bgsound", "command", "embed", "hr", "iframe", "image",
-   "img", "input", "isindex", "link", "meta", "noembed", "noframes",
-   "param", "script", "select", "source", "spacer", "style", "table",
-   "textarea", "title", "wbr"</dt>--> <!-- add keygen if we add the
-   start tag -->
+   "img", "input", "isindex", "keygen", "link", "meta", "noembed",
+   "noframes", "param", "script", "select", "source", "spacer",
+   "style", "table", "textarea", "title", "wbr"</dt>-->
    <!--<dt>An end tag whose tag name is "noscript", if the
    <span>scripting flag</span> is enabled</dt>-->
    <dd>
@@ -70228,13 +70530,13 @@
         <code>area</code>, <code>base</code>, <code>basefont</code>,
         <code>bgsound</code>, <code>br</code>, <code>col</code>,
         <code>embed</code>, <code>frame</code>, <code>hr</code>,
-        <code>img</code>, <code>input</code>, <code>link</code>,
-        <code>meta</code>, <code>param</code>, <code>spacer</code>, or
-        <code>wbr</code> element, then continue on to the next child
-        node at this point.</p> <!-- also, i guess: image, isindex,
-        and keygen, but we don't list those because we don't consider
-        those "elements", more "macros", and thus we should never
-        serialize them -->
+        <code>img</code>, <code>input</code>, <code>keygen</code>,
+        <code>link</code>, <code>meta</code>, <code>param</code>,
+        <code>spacer</code>, or <code>wbr</code> element, then
+        continue on to the next child node at this point.</p> <!--
+        also, i guess: image and isindex, but we don't list those
+        because we don't consider those "elements", more "macros", and
+        thus we should never serialize them -->
 
         <p>If <var title="">current node</var> is a <code>pre</code>,
         <code>textarea</code>, or <code>listing</code> element, append
@@ -71829,7 +72131,7 @@
 
   <pre class="css">@namespace url(http://www.w3.org/1999/xhtml);
 
-table, input, select, option, optgroup, button, textarea<!--, keygen --> {
+table, input, select, option, optgroup, button, textarea, keygen {
   text-indent: initial;
 }</pre>
 
@@ -72724,6 +73026,19 @@
 
 
 
+  <h4>The <code>keygen</code> element</h4>
+
+  <pre class="css">@namespace url(http://www.w3.org/1999/xhtml);
+
+keygen { binding: <i title="">keygen</i>; }</pre>
+
+  <p>When the <i title="">keygen</i> binding applies to a
+  <code>keygen</code> element, the element is expected to render as an
+  'inline-block' box containing a user interface to configure the key
+  pair to be generated.</p>
+
+
+
   <h3>Frames and framesets</h3>
 
   <p>When an <code>html</code> element's second child element is a
@@ -73842,6 +74157,7 @@
   Lachlan Hunt,
   Larry Page,
   Lars Gunther<!-- Keryx Web -->,
+  Lars Sunberg<!-- surname uncertain -->,
   Laura L. Carlson,
   Laura Wisewell,
   Laurens Holst,
@@ -73981,6 +74297,7 @@
   Wladimir Palant,
   Wolfram Kriesing,
   Yi-An Huang,
+  Yngve Nysaeter Pettersen,
   Zhenbin Xu,
   and
   &Oslash;istein E. Andersen,

|