- From: Mitar <mmitar@gmail.com>
- Date: Mon, 7 Mar 2016 00:13:32 -0800
- To: Crispin Cowan <crispin@microsoft.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi!

On Sun, Mar 6, 2016 at 11:46 PM, Crispin Cowan <crispin@microsoft.com> wrote:
> There are 2 problems with this:
> 1. You are asking the user to pick a cert. Don't do that, users don't understand certs.

Only if they have multiple client-certs available. Also, users who have client-certs know that they have them. Asking them in the way Firefox asks I think is pretty good. Because they see the CA name and their name on the certificate. So you are just picking the identity there, not technical details.

But I agree. If the client has only one certificate (probably in most cases with government certificates), we should not ask with a prompt.

> 2. The cert is not unique to the asking web site. If you allow certs to be valid for more than one origin, you are inviting phishing attacks.

Can you explain this a bit more? How are you inviting phishing attacks if the signed content contains the URL where the signing has been done? You cannot verify signatures manually anyway, so you have to pass validation through some sort of algorithm, and that algorithm can also check if the URL matches the expected URL.

Mitar

--
http://mitar.tnode.com/
https://twitter.com/mitar_m
Received on Monday, 7 March 2016 08:14:02 UTC
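
The check described in the message above (the signed content carries the URL where signing was done, and the validation algorithm compares it with the expected URL), as an added example that is not part of the original thread. The Ed25519 key pair standing in for the client certificate, the envelope format, the function names and the URLs are all assumptions made for illustration.

```javascript
// Added example: origin-bound signature validation (constructed keys and URLs).
const crypto = require('node:crypto');

// Assumption: an Ed25519 key pair stands in for the user's client certificate.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Signer side: the origin where signing happens is part of the signed bytes,
// so it cannot be changed afterwards without invalidating the signature.
function signAtOrigin(signingUrl, content, key) {
  const payload = JSON.stringify({ origin: new URL(signingUrl).origin, content });
  const signature = crypto.sign(null, Buffer.from(payload), key).toString('base64');
  return { payload, signature };
}

// Verifier side: validate the signature first, then compare the signed origin
// with the origin the relying party expects.
function verifyForOrigin(envelope, expectedUrl, pubKey) {
  const sigOk = crypto.verify(
    null,
    Buffer.from(envelope.payload),
    pubKey,
    Buffer.from(envelope.signature, 'base64')
  );
  if (!sigOk) return { valid: false, reason: 'bad-signature' };

  let parsed, signedOrigin;
  try {
    parsed = JSON.parse(envelope.payload);
    signedOrigin = new URL(parsed.origin).origin; // normalise scheme/host/port
  } catch {
    return { valid: false, reason: 'malformed-payload' };
  }
  if (signedOrigin !== new URL(expectedUrl).origin) {
    return { valid: false, reason: 'origin-mismatch' };
  }
  return { valid: true, content: parsed.content };
}

// Constructed sample: the same key signs at two different origins.
function demo() {
  const here = signAtOrigin('https://bank.example/sign', 'transfer 10', privateKey);
  const elsewhere = signAtOrigin('https://other.example/sign', 'transfer 10', privateKey);
  // Rewriting the origin after signing breaks the signature.
  const rewritten = {
    payload: elsewhere.payload.replace('other.example', 'bank.example'),
    signature: elsewhere.signature,
  };
  return [here, elsewhere, rewritten].map(
    (e) => verifyForOrigin(e, 'https://bank.example', publicKey)
  );
}
```

The order matters: the origin is only trusted after the signature over the bytes containing it has verified.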