- From: Mountie Lee <mountie.lee@mw2.or.kr>
- Date: Mon, 18 Mar 2013 15:41:34 +0900
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: Jeffrey Walton <noloader@gmail.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
- Message-ID: <CAE-+aYLiMCkQLp0p6sjgdy1_osrLtQNpTeA+8C4pmPKB-=oobA@mail.gmail.com>
Hi.

The current WebCrypto Charter (http://www.w3.org/2011/11/webcryptography-charter.html) describes the secondary features in the Scope chapter.

I think Client TLS Certificate can be included in "control of TLS session login/logout".

I don't think TLS means not just for server cert only, but it means for server only or server and client certs both.

regards
mountie.

On Mon, Mar 18, 2013 at 2:12 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:

> On 2013-03-17 21:02, Jeffrey Walton wrote:
> > On Sat, Mar 16, 2013 at 2:30 AM, Anders Rundgren
> > <anders.rundgren@telia.com> wrote:
> >> I don't claim to have full insight in anything but one thing I do know:
> >> client-certificates are usually referred to in the same context as
> >> _secure_key-storage_ but the latter reached a complete standstill more than
> >> a _decade_ ago.
> >>
> > The problem appears to be usability, which might explain the
> > standstill. See, for example, the recent discussion "Client TLS
> > Certificates - why not?",
> > http://lists.randombit.net/pipermail/cryptography/2013-March/003946.html :
> >
> >     Can anyone enlighten me why client TLS
> >     certificates are used so rarely? It used to
> >     be a hassle in the past, but now at least
> >     the major browsers offer quite decent client
> >     cert support, and seeing how most people
> >     struggle with passwords, I don't see why
> >     client certs could not be beneficial even
> >     to "ordinary users".
> >
> > The threaded view is available at
> > http://lists.randombit.net/pipermail/cryptography/2013-March/thread.html .
>
> This discussion missed the initial pain-point, how to provision a
> certificate.
>
> By the actually pretty large communities of client-certificate-users out
> there, this has usually been solved by deploying proprietary software since
> for example Windows doesn't have this functionality, which according to my
> contacts in Redmond, is "By Design": "There's no business case for consumer
> authentication using PKI".
>
> Anders
>
> > Jeff

--
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Monday, 18 March 2013 06:42:21 UTC