- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 18 May 2014 09:59:01 +0200
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-webid@w3.org" <public-webid@w3.org>
- Message-ID: <CAKaEYhKK6PVQc6A8X08wafcc01QHt6xXWmHE1GdwNJDncdgEdA@mail.gmail.com>
On 18 May 2014 09:40, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > On 2014-05-18 09:22, Melvin Carvalho wrote: > > > > > > > > On 18 May 2014 08:54, Anders Rundgren <anders.rundgren.net@gmail.com<mailto: > anders.rundgren.net@gmail.com>> wrote: > > > > This limitation has been discussed in various W3C forums for at > least two years. > > As far as I know *none* of the browser vendors have ever commented > on this. > > > > To me that says: The browser vendors do not care about HTTPS CCA > (Client > > Certificate Authentication) at all. > > > > Hoping for improvements in HTTPS CCA is a pure waste of time; it is > better > > start playing with other authentication technologies. There are > such. > > > > > > FWIW > > > > Personally, I *love* this feature, since, like most people, I dont use a > shared computer. > > > > Let's face it, if you shared your computer, you've lost all your > security already ... > > I don't disagree but banks do not like the idea that you may be logged in > for > days without doing anything. It all goes back to the fact that HTTPS CCA > is > incompatible with established methods for maintaining web sessions. > Surely they can just break the session on the server side, then. Like they do already with cookies? > > That's all. > > Anders > > Anders > > > > > > > > > > Anders > > > > > >
Received on Sunday, 18 May 2014 07:59:33 UTC