W3C home > Mailing lists > Public > public-webpayments@w3.org > July 2015

Re: Google proposing to deprecate KEYGEN

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Fri, 31 Jul 2015 11:55:18 +0000
Message-ID: <CAM1Sok1A5jFD2pC_FeLWNqTKYm_+P6i+vfS+ddV3zF7aGm8bOw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments CG <public-webpayments@w3.org>
+1

The lack of support for dataspaces is a nasty advancement since the age of
1.44MB disks and 486 with dialup.  At least then the idea of a person
storing their data external to the application was a nobrainer...

Question for society should be, how exactly are we advancing.  Why does
'choice of law' matter? When its realised traditional intellectual property
law does not apply well to data, when will they start defining resolutions,
from legislation, to linked-data education...

Perhaps we're living in the religious controls of silos...

That is assuming trust without accountability is simply the belief of
trust, rather than the pragmatic reality of striving for an effective means
of it, thereby something similar to a religious belief rather than a
pragmatic or scientifically accurate foundation, for trust.

On 01:14, Fri, 31/07/2015 Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> Melvin C provided this link.  Thanx!
>
>
> https://groups.google.com/forum/#!msg/mozilla.dev.platform/pAUG2VQ6xfQ/FKX63BwOIwAJ
> <
> https://groups.google.com/forum/#%21msg/mozilla.dev.platform/pAUG2VQ6xfQ/FKX63BwOIwAJ
> >
>
> Although KEYGEN is pretty useless, Google/Ryan's take on X.509 certificate
> authentication on
> the web is way off.  It seems that the security/privacy concerns have now
> reached a level
> where everybody is focusing *crippling* browsers.  As a user of X.509
> authentication to
> e-governments I can attest that it is very convenient to not have a
> separate key or password
> for every little department out there.  How can I trust the departments
> for not tracking me?
>
> Well, Google's U2F will effectively require an email address everywhere
> and that is *at least as*
> tracking as a certificate with an SSN (which obviously is only used in
> contexts where an SSN
> is relevant).
>
> That is, non-tracking is a combination of legal, technical and
> trust-issues.  The hope that some
> cool tech-stuff completely solves this is simply silly, unless you go to
> extremes which probably
> only a fraction of all users are interested in.
>
> Anders
>
>
>
>
Received on Friday, 31 July 2015 11:55:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:41 UTC