Re: TAG Working Draft: Keygen and Client Certificates from Tony Arcieri on 2015-12-02 (public-webpayments-ig@w3.org from December 2015)

From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 1 Dec 2015 16:01:01 -0800
To: Ian Jacobs <ij@w3.org>
Cc: Web Payments IG <public-webpayments-ig@w3.org>
Message-ID: <CAHOTMV+3DJZ37MitTXPmGtZS9dZ1QaXYzG48_PdFk4BrXJwT=A@mail.gmail.com>

I like the general tone of this document, but it raises more questions than
answers.

I think the IETF Token Binding group ("unbearable") has already been
working on the answer to the questions raised in this document:

http://www.browserauth.net/

On Tue, Dec 1, 2015 at 8:56 AM, Ian Jacobs <ij@w3.org> wrote:

> Hi Web Payments IG,
>
> W3C’s Technical Architecture Group (TAG) [1] has published a Working Draft
> of:
>
>  Keygen and Client Certificates
>  https://w3ctag.github.io/client-certificates
>
> Abstract:
>
>   "The TAG considers the HTML <keygen> element and its use cases; related
> security issues are also reviewed and requirements and a recommendation to
> replace <keygen> is presented.”
>
> Those interested in Web security may wish to read the document, and at the
> top there are instructions for providing feedback directly to the TAG.
>
> Ian
>
> [1] http://www.w3.org/2001/tag/
> --
> Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
> Tel:                       +1 718 260 9447
>
>
>
>


-- 
Tony Arcieri

Received on Wednesday, 2 December 2015 00:01:50 UTC