W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: A WebID Implementation => HTTPS Client Certificate Authentication lacks a useful filter mechanism.

From: Mo McRoberts <Mo.McRoberts@bbc.co.uk>
Date: Tue, 20 May 2014 07:27:25 +0000
To: Henry Story <henry.story@bblfish.net>
CC: "Kingsley (Uyi) Idehen" <kidehen@openlinksw.com>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <052138F1-3F93-4EE2-8B53-CCE1BCFA52D7@bbc.co.uk>

On  2014-May-20, at 05:03, henry.story@bblfish.net wrote:

> The only way I know of for server to signal something about certificate selection to the client is via the
> certificates_list message. This was explained in more detail in ISSUE-62, in this message for example:


Yes, the only way specced at present. A TLS extension is straightforward enough ó itís only sent by servers if the client indicated in its ClientHello that it supports it. For example, thereís an experimental extension for using PGP keys for authentication:

http://tools.ietf.org/html/rfc5081

Servers and clients which donít support it (which in the case of this extension is virtually all of them), continue unaffected.

M.

--
Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.

Inside the BBC? My movements this week: http://neva.li/where-is-mo








-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------
Received on Tuesday, 20 May 2014 07:27:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC