On 25 Sep 2012, at 17:45, Ben Laurie <[email protected]> wrote: > On 25 September 2012 16:07, Henry Story <[email protected]> wrote: >> >> On 25 Sep 2012, at 16:45, Stephen Kent <[email protected]> wrote: >> >>> Henry, >>> >>>>> WebID is not in the charter for this WG. If you want to discuss S/MIME >>>>> and WebID, you are free to do so elsewhere, of course. There is no need >>>>> for you to Cc this WG on that work. >>>> Neither I suppose is TLS, or MIME btw, or many other standards that are >>>> discussed on this list. But knowing that they exist has always been >>>> important to IETF practice. It's called: not re-inventing the wheel. But I >>>> see you have a problem with that. Sorry to have hurt your feelings. >>> If you were to read the DANE charter >>> (https://datatracker.ietf.org/wg/dane/charter/) >>> you would see that TLS is cited 5 times, so your supposition above is wrong >>> with regard to >>> its first assertion. >> >> Thanks. But not MIME - So the point holds well enough :-) >> >> Anyway, the webid spec >> >> http://www.w3.org/2005/Incubator/webid/spec/ >> >> also is very clearly tied to TLS, and would benefit a lot from DANE being >> deployed. So my interest in DANE is not a side issue. The strongest pushback >> against WebID ( and so using client certificates ) is the cost of server >> certificates for most players. > > You mean people who aren't using HTTPS to secure logins care about WebID?
People who are not using HTTPS to secure logins won't have very secure logins (even passwords require protection). I am speaking about pushback from people who are serious about security (not counting the TOR type super security folks - but I will show that WebID works there too). > >> ( the next strongest is the inability to logout from all but Firefox >> browsers ) > > Am I really the only one who cares about usability? Firefox usability (of client certs) sucks. All the others are pretty good, and could easily be made better by a little work from the browser vendors. I demonstrate that very clearly in the video on http://webid.info/ . Now why browser vendors like Firefox don't do the few weeks work to get useability working is beyond me. I think it is partly because they don't understand how useable they could make client certificates with WebID. Henry Social Web Architect http://bblfish.net/ _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
