- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 15 Feb 2015 07:51:25 +0100
- To: Tony Arcieri <bascule@gmail.com>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>
On 2015-02-14 22:33, Tony Arcieri wrote: > Keygen was created in the absence of a good user experience story. X.509 client certificates are already extremely problematic from a UX perspective, and <keygen> just makes it worse with a confusing onboarding workflow. This posting was really about the lack of accepted standards for certificate enrollment and why it is pointless waiting for such standards. What's needed is a way for third-parties creating add-ons to browsers that (for example) can enroll certificates which seems like a task (or interest at least) for the people who participated in: http://www.w3.org/2012/webcrypto/webcrypto-next-workshop X.509 client certificates are indeed associated with bad UXs, but the true culprit are the extremely dated underpinning systems which do not support any kind of user-oriented meta-data like icons. Here is an example of a system in development requiring tons of features outside of what "keygen" & friends offer: http://webpki.org/papers/decentralized-payments.pdf X.509 client certificates as if Steve Jobs had designed them? :-) Anders > > I will note that Microsoft is supporting U2F in Windows 10 > > On Fri, Feb 13, 2015 at 11:43 PM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > Microsoft haven't implemented HTML5's keygen in spite of being a "standard". > The same is valid for iOS. > > This makes the use of X.509 certificates quite quirky. > > What's the way ahead then? Since the world [apparently] is divided a better path > could be to offer a web interface that allows you to implement the "keygen" you want. > > You see a pattern here? No? > > Anders > > > > > > > -- > Tony Arcieri
Received on Sunday, 15 February 2015 06:52:13 UTC