W3C home > Mailing lists > Public > public-webid@w3.org > November 2014

Re: Browser usability of Certificates - List of issues

From: Jonas Smedegaard <dr@jones.dk>
Date: Fri, 21 Nov 2014 13:33:04 +0100
To: public-webid@w3.org
Message-ID: <20141121123304.4676.3362@bastian.jones.dk>
Quoting henry.story@bblfish.net (2014-11-21 12:58:43)
> On 21 Nov 2014, at 10:49, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
>> On  2014-Nov-20, at 18:38, henry.story@bblfish.net wrote:
>>> It looks like a big issue you have is due to Certificate 
>>> Authorities. But once WebID removes that, what problems remain?
>> 
>> CAs are a very small part of the puzzle, to be honest. The 
>> complication they meaningfully add is a one-time affair, and it’s 
>> easily managed.
[...]
> In general CA requirements make it impossible to use for any company 
> smaller than the BBC. Particularly it makes it useless for individuals 
> or small companies, as without a CA nobody would recognise their 
> certificate. It would only be useable for their own site, in which 
> case username/passwords would be all that is needed.

I agree that CA is not always "easily managed", but it makes great sense 
to me to separate that from all of those other issues that are equally 
relevant for both large organizations and smaller environments.

BTW, Regarding CA for smaller (and non-)organizations (but arguably less 
relevant for WebID), EFF is working on <https://letsencrypt.org/>, 
seemingly in cooperation with Mozilla, so more likely to get better 
adoption than CAcert.org.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Friday, 21 November 2014 12:33:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:50 UTC