Re: HTTPS Client Certificate Authentication - Browser Implementation Guidelines

On 2014-05-18 10:03, Timothy Holborn wrote:
> i doubt the response will be a unanimous migration to http://webpki.org/ ...

Of course not.  The US banks and the US government have no interest in consumer PKI
in the same way as they haven't introduced EMV-cards.

Anders

> 
> 
> On 18 May 2014 18:01, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
> 
>     If the WebID folks including TimBL believe that the only problem is the UI, the most
>     logical thing to do would be creating a document like the subject line suggests.
> 
>     There is a risk that the vendors will simply laugh at such a request,  but that's much
>     better than promising improvements that so far haven't even been acknowledged by
>     those who are supposed to implement them.
> 
>     I would personally be very interested in hearing what the "right" session inactivity
>     timeout for logout is.  Client-side enforced logout requires TCP reset.
> 
>     Anders
> 
> 

Received on Sunday, 18 May 2014 08:39:22 UTC