Alexey Feldgendler <[EMAIL PROTECTED]>, 2006-11-02 15:23 +0600:
> On Thu, 02 Nov 2006 14:27:33 +0600, Anders Rundgren <[EMAIL PROTECTED]> wrote:
>
> > - A "process" that differs from authentication from the user's point of view
>
> This is a problem of browser UI design, not of web standards.

What do you expect might happen when N different browser vendors each go off on their own and, working in isolation from one another, independently design and implement their own interfaces for handling what we've been discussing?

> As I say above, this should be solved at browser UI level. The
> browsers should make it clear to the user that presenting a
> client-side certificate to a website is effectively an act of
> disclosing and proving the user's identity, and that every piece
> of information he sends to the server (every user action) is
> non-repudiable.

I'd love to hear some concrete suggestions on how you'd propose going about making that all clear to users through the browser UI. I just hope it's not a dialog box with text saying "Presenting a client-side certificate to a website is effectively an act of disclosing and proving your identity, and every piece of information you send to the server (every action) is non-repudiable", with a checkbox that says "Don't show me this warning next time."

> (And, of course, presentation of any client-side
> certificates to the server should be optional, easily
> switchable, and obviously indicated.)

Again, what do you expect would happen when N different browser vendors -- without getting together with one another to work on any kind of specification for a mechanism for handling all that -- independently design and implement their own mechanisms?

--Mike
