W3C home > Mailing lists > Public > public-identity@w3.org > February 2012

Re: W3C Web Identity Standardization Woes

From: Henry B. Hotz <hotz@jpl.nasa.gov>
Date: Wed, 8 Feb 2012 17:04:41 -0800
Cc: Ron Garret <ron@flownet.com>, "public-identity@w3.org" <public-identity@w3.org>, Harry Halpin <hhalpin@w3.org>
Message-Id: <96005619-F5AE-4DB0-86B8-B2AA23CE2BF5@jpl.nasa.gov>
To: Anders Rundgren <anders.rundgren@telia.com>

On Feb 8, 2012, at 11:50 AM, Anders Rundgren wrote:

> Anyway, I let you continue with whatever you do in peace; I stick to
> the Open Source/Hardware route and skip standardization.  

I'm honestly not trying to be hostile, but if this is how you feel why are you here?

> There are
> no surefire successes in this space and I wish you luck.
> Anders
>>> On 02/08/2012 06:30 AM, Anders Rundgren wrote:
>>>> IMO smart
>>>> cards using non-domain-restricted credentials such as PIV must not be exposed
>>>> on the web; they can only be used by trusted applications such as TLS.
>>>> Anders

I have absolutely no idea what you are trying to say here.  1) I'd hardly call TLS a "trusted application";  2) A PIV card is a well-defined client credential, with good security properties.  Obviously, if someone can *otherwise* break in to the machine it's plugged into, it can be at least temporarily hijacked.  Is that what you mean by "exposed on the web"?

Is the phrase "non-domain-restricted credentials" as Microsoft-centric as it sounds, or are you referring to DNS?

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
Received on Thursday, 9 February 2012 01:05:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:09:07 UTC