Re: Secure Chrome and Secure MetaData (correction)

Chris Drake wrote:
> I wrote:
>> At the risk of upsetting James again - if solving this problem
> I meant:
>> At the risk of upsetting Thomas again - if solving this problem
> 
> While on the subject... What, exactly, is "not helpful" about
> reminding those on a path to a solution about keeping to the path when
> they persistently stray off towards dead-ends (significantly more
> often than I remind them I might add) ?
> 
> I am trying to keep minds open, lateral thought alive, and promote an
> environment where an actual public, useable, authentication scheme can
> genuinely evolve.  What kind of atmosphere and productivity
> improvements come from stifling experienced opinion? (I've been
> working on this problem since 1994.)
> 
> The word "Chrome" is so cool that nobody wants to put it back on the
> shelf where it belongs!
> 
> Kind Regards,
> Chris Drake

Lets say that this new fangled highly secure cannot be spoofed
mutual authentication protocol is invented.  Its not like all of
the web sites in the world are going to upgrade at once.  Nor is
it likely that all of the browser vendors will stop supporting
the existing protocols.  Therefore, you must come up with an
improved way of indicating to the end user that when the new fangled
highly secure protocol is in use and when it is not.  That is a
"chrome" issue.

The W3C is the organization with the appropriate participants to be
able to address this issue and to publish best practice guidelines
to browser vendors (who happen to be w3c members and participants
in this discussion).   The browser vendors have indicated a reluctance
to be first.  They would prefer that the w3c develop guidelines
that all vendors will implement at once.  That is what this group
is attempting to do when we discuss "secure chrome".

If you are interested in working on wire protocol solutions, I suggest
you focus your attention on the work the IETF will be considering
in Montreal during the Web Authentication Enhancements BOF.

Jeffrey Altman

Received on Wednesday, 21 June 2006 12:33:35 UTC