- From: Henry B. Hotz <hotz@jpl.nasa.gov>
- Date: Wed, 8 Feb 2012 17:04:41 -0800
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: Ron Garret <ron@flownet.com>, "public-identity@w3.org" <public-identity@w3.org>, Harry Halpin <hhalpin@w3.org>
On Feb 8, 2012, at 11:50 AM, Anders Rundgren wrote:

> Anyway, I let you continue with whatever you do in peace; I stick to
> the Open Source/Hardware route and skip standardization.

I'm honestly not trying to be hostile, but if this is how you feel, why are you here?

> There are
> no surefire successes in this space and I wish you luck.
>
> Anders
>
>>> On 02/08/2012 06:30 AM, Anders Rundgren wrote:
>>>> IMO smart
>>>> cards using non-domain-restricted credentials such as PIV must not be exposed
>>>> on the web; they can only be used by trusted applications such as TLS.
>>>>
>>>> Anders

I have absolutely no idea what you are trying to say here.

1) I'd hardly call TLS a "trusted application";

2) A PIV card is a well-defined client credential, with good security properties. Obviously, if someone can *otherwise* break in to the machine it's plugged into, it can be at least temporarily hijacked. Is that what you mean by "exposed on the web"?

Is the phrase "non-domain-restricted credentials" as Microsoft-centric as it sounds, or are you referring to DNS?

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Received on Thursday, 9 February 2012 01:05:19 UTC