Re: google proposing to deprecate KEYGEN

On 2015-07-30 17:44, Kingsley Idehen wrote:
> On 7/30/15 11:11 AM, Anders Rundgren wrote:
>> These do not rely on KEYGEN and only occasionally on TLS Client Cert Auth.
>> The interest in understanding why seems to be very limited in this CG.
>> In similarity to FIDO alliance the majority of these solutions are using
>> application-level authentication rather than transport-level ditto.
>> The latter is more suited for VPNs than the Web.
>>
>> Anders
>
> So what?
>
> Your comments have zilch to do with WebID-TLS (which is HTTPS +
> relations lookup facilitated by WebIDs).

Kingsley,

The alternative schemes (and FIDO) accomplish the same thing as HTTPS CCA,
which is binding a certificate/key to a site.  The WebID lookup is an extra
step which can be performed equally well by the alternative methods.  It is
technically about the same as doing an OCSP lookup after receiving a certificate.

Anders

Received on Thursday, 30 July 2015 15:55:25 UTC