Securing Social Media and Email

Web Authentication Working Group,

Topical are:


  1.
obtaining the name on a certificate
  2.
obtaining the certificate authority for a certificate
  3.
indicating a list of certificate authorities for filtering a certificate store when the user is to select a certificate from a store through the UA.

Pertinent scenarios include:


  1.
strongly authenticating users (e.g. for social media websites or web-based e-mail sites)
  2.
digitally signing web-based e-mail messages (e.g. hotmail, gmail, etc.)

Let’s Encrypt is an example of a free, automated and open certificate authority (https://letsencrypt.org/ , https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/).

Operating system vendors can also provide free certificates, authenticating users with credit or debit card information.  It could be that an OS-issued certificate costs 0.01 USD and that the penny transaction is to authenticate the user before providing them a certificate with their name as it appears on their operating system initialization and their billing address.  It could be that obtaining such a certificate could be part of initializing operating system installations.  The user entering their credit or debit card information could also be part of initializing an operating system digital wallet and an app store experience.

Thank you, I look forward to discussing these topics with you.


Best regards,
Adam Sobieski
http://www.phoster.com/about/

Received on Wednesday, 2 August 2017 23:40:38 UTC