[WebCrypto.Next] Comparison with HTTPS Client Cert Auth

HTTPS Client Certificate Authentication is supported by all browsers since almost 20 years back.
It exposes a fully standardized interface to Web Applications which simply is an URL.
In spite of that it is entirely proprietary with respect to integration in the browser platform
with implementations based on PKCS #11, CryptoAPI, JCE, .NET, NSS as well as working with a
huge range of secure key-containers like SIM, PIV, TEE, TPM, "Soft Keys".  This side of the
coin has not been standardized since it [provably] wasn't needed.

In: https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html
Google's Ryan Sleevy writes:
   What you're looking for is

This scheme could (after "Polishing" + W3C Standardization), without doubt support the same
powerful paradigm as HTTPS Client Certificate Authentication (Web-Portable/Platform-Proprietary),
for virtually any security application you could think of.

I don't understand why it is so hard admitting that we all (even including yours truly!),
have been looking for answers in the [entirely] wrong place.  It's only human to err :-)


Received on Thursday, 19 February 2015 10:49:30 UTC