- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 05 May 2014 18:57:27 -0400
- To: public-webid@w3.org
- Message-ID: <53681757.600@openlinksw.com>
On 5/5/14 3:28 PM, Andrei Sambra wrote:
> There is another aspect that most people tend not to see right away.
> X.509 certs and the whole PKI system have suffered several blows
> recently, with fewer and fewer people trusting the CA system. I'm pretty
> sure that banks are aware of this when they consider whether to deploy
> X.509 client certs for their customers.
>
> Compared to PKI, WebID-TLS (even with its UI issues) still remains a
> strong candidate, since it doesn't rely on CAs, but instead on the WOT
> and asymmetric crypto (which was proven to work well so far).
>
> -- Andrei

That's it in a nutshell. The flaws in CA controlled PKI are bleeding, as demonstrated by Heartbleed.

Anders: There are many aspects to what de-referenceable URIs (e.g., HTTP URIs) as denotation mechanisms offer. Even more so when combined with structured data endowed with human and machine comprehensible entity relationship semantics.

Ironically, as I've indicated to you repeatedly, I have used your examples, including the technologies you've referenced thus far. My confidence in the utility, and eventual mass adoption, of webby PKI remains resolute :-)

Kingsley

> On Mon, May 5, 2014 at 12:09 PM, Anders Rundgren
> <anders.rundgren.net@gmail.com> wrote:
>
> > Around 2005 Microsoft announced its pretty cool Information Card
> > concept with the hope that for example banks would adopt it.
> >
> > I told Microsoft folks early on that banks in the EU have already
> > put their money on X.509 certificates but unfortunately they can't
> > use the solution featured in Windows and IE. If you fix that, they
> > may indeed jump on the Information Card bandwagon.
> >
> > Microsoft neither listened to me nor checked with the banks what
> > the problem could possibly be.
> >
> > Six years later they were forced to withdraw the entire
> > Information Card concept from the market due to lack of adoption.
> > It goes without saying that they haven't considered making X.509
> > client authentication useful for bank-users even in the most
> > recent incarnations of Windows; they have rather opted for U2F
> > like the competition.
> >
> > What I wanted to say with this is that "denial" is a human and
> > natural reaction, but if the condition stays forever, it becomes
> > a problem.
> >
> > In the WebID-TLS case the "defection" to U2F by all platform
> > vendors except Apple and Mozilla indicates that it's time to
> > "Kill Your Darlings" and move on.
> >
> > Anders

--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 5 May 2014 22:57:49 UTC