- From: Brian Smith <bsmith@mozilla.com>
- Date: Tue, 19 Jul 2011 00:06:07 -0700 (PDT)
- To: Ben Adida <ben@adida.net>
- Cc: WebID XG <public-xg-webid@w3.org>, dev-identity@lists.mozilla.org, Henry Story <henry.story@bblfish.net>
Ben Adida wrote: > We don't think we can effectively reuse TLS while meeting our > requirement that relying parties should have a very easy job. > > (a) we think TLS is wrong for RPs, you think it should be leveraged. Just to be precise, when you say "TLS" you mean "TLS client certificates," right? AFAICT, the relying party absolutely must implement TLS (HTTPS) as both a client and as a server for BrowserID to be secure and privacy-protecting. Cheers, Brian
Received on Tuesday, 19 July 2011 07:06:50 UTC