On 30 May 2016, at 4:14 PM, Harry Halpin <hhalpin@ibiblio.org> wrote: > Some folks are using <keygen>, although I think everyone has been notified of the upcoming deprecation quite a while ago and so hopefully are preparing for a post-<keygen> world if they use client certs in the browser outside of TLS (such as for authentication). One deployment, MIT is working to moving to OpenID with Duo two-factor. > > It has been requested not to remove it until the replacement is ready, and I think WebAuthn fulfils the requirements in a way that is coherent with the Web Security Model. I urge the working group to engage the crypto community and let the crypto community decide on what is or isn’t a replacement for keygen. No “proxy auth” based system like OpenID is able to replace the capabilities of client certificates. > Here's the WebAuthn schedule - so thus, one-factor cryptographic authentication should be working across most browsers later in the year, as early as October. So far, the Working Group has been moving very fast. I would also urge the working group to treat any attempt at rushing this issue with a significant amount of skepticism. Regards, Graham —Received on Monday, 30 May 2016 16:36:51 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:14 UTC