Re: browser change; little, nothing or a lot?

On 12 Feb 2011, at 10:45, Henry Story wrote:

> On 12 Feb 2011, at 02:24, peter williams wrote:
>> Define a new cert-type like PGP did (hello extension..)
>    Could be useful, but clearly independent of the UI issue. There would be a big format war to decide there, and it's not clear what the advantage is going to be, apart from reduction of bugs due to ASN.1 parsing problems. So here I think there needs to be a lot more work done finding the benefits. My guess is that this should be done after wide deployment of WebID, because then the advantages of what should go into such a certificate will be a lot more obvious.

Much more important than cert-type in my view will be implementation of the results of the IETF keyassure group in the browser. 

See their first draft:

That will make it much easier to deploy https on the server, and have a lot of other security advantages, that will be obvious to browser vendors quite apart from the needs of WebID.


Received on Saturday, 12 February 2011 10:09:26 UTC