- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sun, 23 Dec 2007 17:11:40 +0000
- To: Ian Fette <ifette@google.com>
- CC: W3 Work Group <public-wsc-wg@w3.org>
Ian Fette wrote: > It seems to me like we are getting way beyond the scope of this group, Yes, the proposed extension will be processed (or not) in the IETF. This group should more-or-less ignore it, same as with the no- interaction certs idea, and for much the same reason. > and personally I don't see the value of what we're discussing in a > broader sense. What matters in the current world of SSL is that the > given cert is valid for the given site. We're talking about all sorts of All sorts? Bit of an exaggeration, maybe. > extensions just to support an edge case in a new form-filler that may or > may not ever see broad adoption. If, under the best of cases, it does > see adoption but the cert continuity part is left out, what's the worst > that can happen? The user has to re-type their username and password? > Given the strict matching of this mechanism, it seems to me like the > user will be re-typing their information a lot anyways, and so what's > one more re-type every two years? Maybe. The fact that this hasn't been needed so far does indicate that its probably a corner case all right. OTOH, I reckon that it might be useful enough to bother producing an RFC. > It seems like we're climbing down a giant rathole with no pot-of-gold in > sight... Nope. Only if we misunderstood the various processes involved. Happy holidays, S.
Received on Sunday, 23 December 2007 17:11:42 UTC