The only thing missing, of course, is web user authentication technologies that scale to the Internet and have channel binding support.
I would like to see web userauth technologies that have support for channel binding. If such technologies were in widespread use then MITM CAs would be useless, therefore rare. Is it too late to work on this? The folks over at the ABFAB WG don't seem to think so, but I want more options than just Project Moonshot and Kerberos. Nico -- _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
