- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 30 Jul 2015 17:12:52 +0200
- To: Web Payments CG <public-webpayments@w3.org>
Melvin C provided this link. Thanx!

https://groups.google.com/forum/#!msg/mozilla.dev.platform/pAUG2VQ6xfQ/FKX63BwOIwAJ

Although KEYGEN is pretty useless, Google/Ryan's take on X.509 certificate authentication on the web is way off.

It seems that the security/privacy concerns have now reached a level where everybody is focusing on *crippling* browsers.

As a user of X.509 authentication to e-governments I can attest that it is very convenient to not have a separate key or password for every little department out there.

How can I trust the departments for not tracking me? Well, Google's U2F will effectively require an email address everywhere and that is *at least as* tracking as a certificate with an SSN (which obviously is only used in contexts where an SSN is relevant).

That is, non-tracking is a combination of legal, technical and trust-issues. The hope that some cool tech-stuff completely solves this is simply silly, unless you go to extremes which probably only a fraction of all users are interested in.

Anders
Received on Thursday, 30 July 2015 15:13:23 UTC