w3ctag / client-certificates

TAG spec review on keygen and use of client certificates in the web platform.
https://w3ctag.github.io/client-certificates

The document needs to clarify what it means to operate in the client's interest #2

Open minfrin opened 8 years ago

minfrin commented 8 years ago

There are two kinds of crypto we want to do on the web:

There is no way that code that is obtained from a server can be trusted to operate in the interests of the client. The server can initiate a request for the client to do something, but the mechanics of doing this have to be built into the client.

The existing keygen tag operates clearly and unambiguously in the interests of the client. This document needs to clearly state this as a requirement.

dirkx commented 8 years ago

Aye - though keep in mind that in the current setting the client does not have any control over the DNs and whatnot.

So that allows for a fair amount of social/confusing/spring-clean attack issues, as the user interface is not good: usually a 'this site wants you to authenticate with a client certificate', followed by a pull-down of the CNs or DNs, pretty much under sole server/issuer control.