- From: Michael <mikes@opera.com>
- Date: Thu, 2 Nov 2006 18:55:54 +0900
Alexey Feldgendler <alexey at feldgendler.ru>, 2006-11-02 15:23 +0600: > On Thu, 02 Nov 2006 14:27:33 +0600, Anders Rundgren <anders.rundgren at telia.com> wrote: > > > - A "process" that differs from authentication from the user's point of view > > This is a problem of browser UI design, not of web standards. What do you expect might happen when N different browser vendors each go off on their own and, working in isolation from one another, independently design and implement their own interfaces for handling what we've been discussing? > As I say above, this should be solved at browser UI level. The > browsers should make it clear to the user that presenting a > client-side certificate to a website is effectively an act of > disclosing and proving the user's identity, and that every piece > of information he sends to the server (every user action) is > non-repudiable. I'd love to hear some concrete suggestions on how you'd propose going about making that all clear to users through the browser UI. I just hope it's not a dialog box with text saying "Presenting a client-side certificate to a website is effectively an act of disclosing and proving your identity, and every piece of information you send to the server (every action) is non-repudiable", with a checkbox that says "Don't show me this warning next time." > (And, of course, presentation of any client-side > certificates to the server should be optional, easily > switchable, and obviously indicated.) Again, what do you expect would happen when N different browser vendors -- without getting together with one another to work on any kind of specification for a mechanism for handling all that -- independently design and implement their own mechanisms? --Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2245 bytes Desc: not available URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20061102/87131107/attachment.bin>
Received on Thursday, 2 November 2006 01:55:54 UTC