W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: WebID-TLS lacks server logout

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 18 May 2014 09:40:28 +0200
Message-ID: <537863EC.9060209@gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: "public-webid@w3.org" <public-webid@w3.org>
On 2014-05-18 09:22, Melvin Carvalho wrote:
> 
> 
> 
> On 18 May 2014 08:54, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
> 
>     This limitation has been discussed in various W3C forums for at least two years.
>     As far as I know *none* of the browser vendors have ever commented on this.
> 
>     To me that says: The browser vendors do not care about HTTPS CCA (Client
>     Certificate Authentication) at all.
> 
>     Hoping for improvements in HTTPS CCA is a pure waste of time; it is better
>     start playing with other authentication technologies.  There are such.
> 
> 
> FWIW
> 
> Personally, I *love* this feature, since, like most people, I dont use a shared computer.
> 
> Let's face it, if you shared your computer, you've lost all your security already ...

I don't disagree but banks do not like the idea that you may be logged in for
days without doing anything.  It all goes back to the fact that HTTPS CCA is
incompatible with established methods for maintaining web sessions.

That's all.

Anders

Anders


>  
> 
> 
>     Anders
> 
> 
Received on Sunday, 18 May 2014 07:41:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC