On Tuesday, September 25, 2012 at 6:12 PM, Ben Laurie wrote: > On 25 September 2012 17:06, Henry Story <[email protected] > (mailto:[email protected])> wrote: > > > > On 25 Sep 2012, at 17:45, Ben Laurie <[email protected] > > (mailto:[email protected])> wrote: > > > > > On 25 September 2012 16:07, Henry Story <[email protected] > > > (mailto:[email protected])> wrote: > > > > > > > > On 25 Sep 2012, at 16:45, Stephen Kent <[email protected] > > > > (mailto:[email protected])> wrote: > > > > > > > > > Henry, > > > > > > > > > > > > WebID is not in the charter for this WG. If you want to discuss > > > > > > > S/MIME and WebID, you are free to do so elsewhere, of course. > > > > > > > There is no need for you to Cc this WG on that work. > > > > > > Neither I suppose is TLS, or MIME btw, or many other standards that > > > > > > are discussed on this list. But knowing that they exist has always > > > > > > been important to IETF practice. It's called: not re-inventing the > > > > > > wheel. But I see you have a problem with that. Sorry to have hurt > > > > > > your feelings. > > > > > > > > > > > > > > > > If you were to read the DANE charter > > > > > (https://datatracker.ietf.org/wg/dane/charter/) > > > > > you would see that TLS is cited 5 times, so your supposition above is > > > > > wrong with regard to > > > > > its first assertion. > > > > > > > > > > > > > > > > > Thanks. But not MIME - So the point holds well enough :-) > > > > > > > > Anyway, the webid spec > > > > > > > > http://www.w3.org/2005/Incubator/webid/spec/ > > > > > > > > also is very clearly tied to TLS, and would benefit a lot from DANE > > > > being deployed. So my interest in DANE is not a side issue. The > > > > strongest pushback against WebID ( and so using client certificates ) > > > > is the cost of server certificates for most players. > > > > > > You mean people who aren't using HTTPS to secure logins care about WebID? > > > > People who are not using HTTPS to secure logins won't have very secure > > logins (even passwords require protection). I am speaking about pushback > > from people who are serious about security (not counting the TOR type super > > security folks - but I will show that WebID works there too). > > > > > > > > > ( the next strongest is the inability to logout from all but Firefox > > > > browsers ) > > > > > > Am I really the only one who cares about usability? > > > > Firefox usability (of client certs) sucks. All the others are pretty good, > > and could easily be made better by a little work from the browser vendors. > > I demonstrate that very clearly in the video on http://webid.info/ . Now > > why browser vendors like Firefox don't do the few weeks work to get > > useability working is beyond me. I think it is partly because they don't > > understand how useable they could make client certificates with WebID. > > Sigh. Why do I have to go over this every time? Usability in the > browser is only part of the problem, the rest are things like moving > between machines, dealing with revocation, migrating existing accounts > and so on. > >
… none of which are germane to DANE. --Richard
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
