
Re: New "Goals" (use-cases) - Is your use-case there, accurately described?

From: David Dahl <ddahl@mozilla.com>
Date: Fri, 9 Dec 2011 09:53:28 -0800 (PST)
To: Henry Story <henry.story@bblfish.net>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Harry Halpin <hhalpin@w3.org>, public-identity@w3.org
Message-ID: <862067021.43640.1323453208028.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>


----- Original Message -----
> From: "Henry Story" <henry.story@bblfish.net>
> To: "David Dahl" <ddahl@mozilla.com>
> Cc: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "Harry Halpin" <hhalpin@w3.org>, public-identity@w3.org
> Sent: Friday, December 9, 2011 10:40:34 AM
> Subject: Re: New "Goals" (use-cases) - Is your use-case there, accurately described?
> On 9 Dec 2011, at 16:36, David Dahl wrote:
> 
> You should look at the work of the DANE IETF working group
> http://tools.ietf.org/wg/dane/
> They are showing how one can use DNSSEC to store the public keys, and
> so seriously increase the reliability of CAs, as well as allow people
> to not use CAs as well. Since DNS really needs to be secured I don't
> doubt that this is going to have happened before this working group is
> done.

Yes, this is encouraging, and I have been keeping tabs on the DNSSEC work.

> >
> > Many "secure" messaging tools are being built right now in an
> > insecure manner. Web devs are rolling their own crypto and using
> > libraries that expose key material to content JS - not to mention
> > the slow performance issues. Web devs are already way ahead of
> > browser makers here, to the detriment of end users. We are playing
> > catch-up, and we have the ability to safely expose proven crypto to
> > the DOM.
> 
> But that does not mean that you could not get the API to work with
> X509 Certificates and X509 public/private keys, right? The point is
> that that is a cheap way of making oneself a lot of friends, and
> widening the interoperability space. If people are using X509 Certs
> then it would be useful if they could also interoperate with the API.

Agreed. We should look at this in depth - interoperability is important. I wonder how much scope creep this will entail. That is my only fear.

Cheers,

David 
Received on Friday, 9 December 2011 17:54:06 GMT
