
Re: google proposing to deprecate KEYGEN

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 30 Jul 2015 17:54:51 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>, public-webid@w3.org
Message-ID: <55BA48CB.1050301@gmail.com>
On 2015-07-30 17:44, Kingsley Idehen wrote:
> On 7/30/15 11:11 AM, Anders Rundgren wrote:
>> These do not rely on KEYGEN and only occasionally on TLS Client Cert Auth.
>> The interest in understanding why seems to be very limited in this CG.
>> In similarity to FIDO alliance the majority of these solutions are using
>> application-level authentication rather than transport-level ditto.
>> The latter is more suited for VPNs than the Web.
>>
>> Anders
>
> So what?
>
> Your comments have zilch to do with WebID-TLS (which is HTTPS +
> relations lookup facilitated by WebIDs).

Kingsley,

The alternative schemes (and FIDO) accomplish the same thing as HTTPS CCA,
which is binding a certificate/key to a site.  The WebID lookup is an extra
step which can be performed equally well by the alternative methods.  It is
technically about the same as doing an OCSP lookup after receiving a certificate.

Anders
Received on Thursday, 30 July 2015 15:55:25 UTC
