path: root/source
diff options
authorJan Dittberner <>2020-12-29 14:49:16 +0100
committerJan Dittberner <>2020-12-29 14:49:16 +0100
commit14dc442cf48e9e0577f49f857a751b081e8d1b91 (patch)
tree3e61898eac0ca936c703cf5815ce0304cbd2f610 /source
parent178dd980a05789a929eb684b044562b87e621f82 (diff)
Add section for keygen replacement
Diffstat (limited to 'source')
1 files changed, 20 insertions, 0 deletions
diff --git a/source/future.rst b/source/future.rst
index ad50410..0798216 100644
--- a/source/future.rst
+++ b/source/future.rst
@@ -237,6 +237,26 @@ could just use information from the client certificates issued by our CA.
We could use OAuth2 or OpenID Connect for our own infrastructure too.
+Client certificate enrollment in browser
+The ancient ``keygen`` tag is not implemented by modern browsers and needs a
+replacement to allow easy enrollment of client certificates for users that are
+not capable to use external tools. There is :bug:`1417` filed by affected
+There are JavaScript libraries like and
+ that support the cryptographic
+There are already two prototype implementations by Bernhard and Jan that could
+be integrated with the current or a new future web application.
+- Bernhard's proof of concept with a subset of pkijs
+- Jan's proof of concept with the forge library
Cross cutting concerns