W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Verifiable Claims Telecon Minutes for 2016-03-29

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 30 Mar 2016 18:47:37 +0100
Cc: Carvalho Melvin <melvincarvalho@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, Kaliya IDwoman <kaliya-id@identitywoman.net>, Credentials CG <public-credentials@w3.org>
Message-Id: <144FB9DD-043B-4815-A436-F1E78215EF90@bblfish.net>
To: Anders Rundgren <anders.rundgren.net@gmail.com>

> On 30 Mar 2016, at 15:55, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> On 2016-03-30 16:49, Melvin Carvalho wrote:
>> 
>> 
>> On 30 March 2016 at 16:39, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>> In addition to technical issues it is also interesting nothing that new developments
>> in this space are likely to get limited support from the (browser) platform vendors:
>> https://lists.w3.org/Archives/Public/www-tag/2016Mar/0001.html <https://lists.w3.org/Archives/Public/www-tag/2016Mar/0001.html>
>> 
>> Apparently it is not enough to be the inventor of the Web and being knighted by the Queen
>> to keep even the old stuff intact!
>> 
>> A correction to this, firefox have confirmed that they WILL follow the TAG recent advice and not deprecate any used functionality until there is a suitable replacement.  
> 
> Suitable replacement?  Since the core issue (when you connect all the dots out there in various lists and forums...), rather is the deprecation of client certificates on the Web, the only imaginable replacement is FIDO alliance tokens and technologies.

If you look carefully, client certificates have not been deprecated. Hardware supported certificates are supported still.
What has been removed by Chrome is the easy low cost generation of client certificates via keygen. keygen was a bit
broken, true, but it should be easy to fix those, one way or another.

See https://github.com/w3ctag/client-certificates <https://github.com/w3ctag/client-certificates>

There is of course a lot of potential to improve certificates. X509 is not a be all end all. It works, but there is huge room for
improvement.

> 
> Creating "a better keygen" is clearly not considered.
> 
>>  
>> 
>> Personally, I advocate for solutions that make third-party extensions of the Web (browser)
>> architecture a reality because then you can iterate and experiment a bit before launching
>> new schemes, regardless if it is a proprietary product or a standard-to-be.
>> 
>> Anders
>> 
>> 
>> 
>> 
> 
Received on Wednesday, 30 March 2016 17:48:08 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 17:48:09 UTC