- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 17 May 2014 20:38:00 +0200
- To: public-webid@w3.org
On 2014-05-17 20:17, Kingsley Idehen wrote: <snip> >> >> TLS may be used although banks usually bypass the standard solution for the >> fact that is is incomplete from their perspective including missing support >> for PIN-code protected keys for on-line provisioned certificates. Netscape's >> 1995 two-week student hack (HTML5's keygen) doesn't really cut it. > > As I've told you repeatedly, this too is inaccurate. You are looking at > things from a very specific perspective (programming of PKI applications > pre Web) that you've rendered immutable. Until you loosen your > worldview, we will continue to loop on this matter. HTTPS Client Certificate Authentication using "soft tokens" as featured in Firefox, Chrome, MISE and Safari doesn't offer PIN-code protected credentials which is a prerequisite in the bank-world. In addition, the banks I talk about have at least FOUR MAGNITUDES more users than WebID-TLS. That they don't participate in W3C is strange but OTOH, I don't see much (if any...) browser vendor interest in WebID or WebPayments so it would be pointless for banks to join at this stage. It would be interesting to hear what the W3C think about this. Anders
Received on Saturday, 17 May 2014 18:38:34 UTC