W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: browser change; little, nothing or a lot?

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 12 Feb 2011 11:08:47 +0100
Cc: Peter Williams <home_pw@msn.com>
Message-Id: <32BF095F-0A14-4C33-AB27-3E03F85CB20A@bblfish.net>
To: WebID XG <public-xg-webid@w3.org>

On 12 Feb 2011, at 10:45, Henry Story wrote:

> On 12 Feb 2011, at 02:24, peter williams wrote:
> 
>> Define a new cert-type like PGP did (hello extension..)
> 
>    Could be useful, but clearly independent of the UI issue. There would be a big format war to decide there, and it's not clear what the advantage is going to be, apart from reduction of bugs due to ASN.1 parsing problems. So here I think there needs to be a lot more work done finding the benefits. My guess is that this should be done after wide deployment of WebID, because then the advantages of what should go into such a certificate will be a lot more obvious.

Much more important than cert-type in my view will be implementation of the results of the IETF keyassure group in the browser. 

See their first draft:
http://tools.ietf.org/html/draft-ietf-dane-protocol-04

That will make it much easier to deploy https on the server, and have a lot of other security advantages, that will be obvious to browser vendors quite apart from the needs of WebID.

	Henry
Received on Saturday, 12 February 2011 10:09:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC