W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2016

Re: Alternative proposal for the form signing using client-certificate

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 12 Mar 2016 06:27:09 +0100
To: Mitar <mmitar@gmail.com>
Cc: Crispin Cowan <crispin@microsoft.com>, "timeless@gmail.com" <timeless@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <56E3A8AD.6010006@gmail.com>
On 2016-03-12 04:33, Mitar wrote:
> On Fri, Mar 11, 2016 at 1:39 AM, Anders Rundgren
>> In my new country France, they don't even have a concept of a citizen ID
>> which means that you must manage 5-6 different passwords in order to access
>> all e-gov services!
>
> I am sorry for you. :-)
>
> I love that in Slovenia I can send an e-mail and use my certificate
> with S/MIME to sign it and it is a legally bound document. I can issue
> receipts in the same way. Really cool stuff. And S/MIME is a standard
> so it works well. Sadly, we do not yet have anything like that in
> browsers.

In my old country (Sweden) I can log in to (almost) any of the national banks
(assuming I have an account there), to all e-government services as well as
sending money in real-time only using a phone number as account identifier,
all based on Mobile BankID which is an "App" + X.509 certificate. S/MIME?
N/A (which says something about the state of eID "standardization").

As long as you can't extend browsers, Apps is (IMO) the way to go.

Trying to revive an already dead horse (client-certificate support in browsers
of the kind that exists/existed in for example MSIE), doesn't seem to be worthwhile.
Feel free trying, but don't expect any support from governments; they are fully
occupied solving yesterdays' problems :-)  W3C? No, they (well, the browser vendors...)
have already dismissed this topic so your only option is "forking" Chrome or Firefox.

Anders
Received on Saturday, 12 March 2016 05:28:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:18 UTC