Hi,
sorry for warming up this topic, I've just been pointed here.
On Thursday, 30 July 2015 01:35:49 UTC+2, David Keeler wrote:
> Ryan Sleevi recently announced the pre-intention to deprecate and
> eventually remove support for the element and special-case
> handling of the appl
Awesome, thanks Ryan.
This cements my opinion on their fate. These are not just old and
crufty, they are actively harmful. They can't be removed soon enough.
I'm not fundamentally opposed to the notion of having some sort of
site control of client authentication in general, and maybe even TLS
c
I have some questions to which I was unable to find answers in
the (numerous and long) threads on this subject.
1. When we download and install a client cert, what checking do we do?
Do we insist upon it meeting the same algorithm requirements we have
for servers with respect to use of thing
> On 4 Sep 2015, at 22:43, Martin Thomson wrote:
>
> Henry, I would rather you attempt to address Ryan's point 5, namely:
>
> 5) just generates keys, and relies on
> application/x-x509-*-cert to install certificates. This MIME handling,
> unspecified but implemented by major browsers, represen
> On 4 Sep 2015, at 22:43, Martin Thomson wrote:
> Henry, I would rather you attempt to address Ryan's point 5, namely:
>
> 5) just generates keys, and relies on
> application/x-x509-*-cert to install certificates. This MIME handling,
> unspecified but implemented by major browsers, represents
>
Henry, I would rather you attempt to address Ryan's point 5, namely:
5) just generates keys, and relies on
application/x-x509-*-cert to install certificates. This MIME handling,
unspecified but implemented by major browsers, represents
yet-another-way for a website to make persistent modification
On Thursday, 30 July 2015 01:35:52 UTC+2, David Keeler wrote:
> [cc'd to dev-security for visibility. This discussion is intended to
> happen on dev-platform; please reply to that list.]
>
> Ryan Sleevi recently announced the pre-intention to deprecate and
> eventually remove support for the ele
On Sun, Aug 30, 2015 at 1:50 AM, Anne van Kesteren wrote:
> On Sun, Aug 30, 2015 at 7:33 AM, Tim Guan-tin Chien
> wrote:
>> It's also worthy to point out many nation-state deploys Smart Card
>> identifications (despite the privacy concern), allow its citizens (or
>> subjects) to authenticate wit
On Thursday, 30 July 2015 20:32:07 UTC+2, Richard Barnes wrote:
> On Thu, Jul 30, 2015 at 6:53 AM, Hubert Kario wrote:
>
> > On Wednesday 29 July 2015 16:35:41 David Keeler wrote:
> > > [cc'd to dev-security for visibility. This discussion is intended to
> > > happen on dev-platform; please repl
On Thursday, 30 July 2015 12:34:30 UTC+2, Anne van Kesteren wrote:
> On Thu, Jul 30, 2015 at 12:28 PM, Teoli
> wrote:
> > Do you think it is already worth flagging it as deprecated in the MDN
> > documentation as Google plans to remove it too?
>
> Yeah, seems worth a note at least given that Micr
On Sun, Aug 30, 2015 at 12:10 PM, Anne van Kesteren
wrote:
> it seems they're not using either, so that solution was probably
> not sufficient either way.
>
At least in Spain, is the only way to generate a key pair inside
smartcard (using Firefox) before sending PKCS#10 to CA.
Then, you go to
On Sun, Aug 30, 2015 at 11:37 AM, Tim Guan-tin Chien
wrote:
> Indeed, banks in Taiwan are slowly rolling out OTA based
> authentications primary mobile app banking users, despite 100% of the
> ATM cards are already smart cards (required by legal mandate against
> forgery since 2006) and you can al
On Sun, Aug 30, 2015 at 5:37 PM, Tim Guan-tin Chien
wrote:
>> It seems a potential future for that which works within the web's
>> security model is FIDO, see
>>
>> https://fidoalliance.org/
>> https://support.google.com/accounts/topic/6103521
>
> Indeed, banks in Taiwan are slowly rolling out
Thanks for the note.
On Sun, Aug 30, 2015 at 1:50 PM, Anne van Kesteren wrote:
> On Sun, Aug 30, 2015 at 7:33 AM, Tim Guan-tin Chien
> wrote:
>> It's also worthy to point out many nation-state deploys Smart Card
>> identifications (despite the privacy concern), allow its citizens (or
>> subject
On Sun, Aug 30, 2015 at 7:33 AM, Tim Guan-tin Chien
wrote:
> It's also worthy to point out many nation-state deploys Smart Card
> identifications (despite the privacy concern), allow its citizens (or
> subjects) to authenticate with government services online.
It seems a potential future for tha
It's also worthy to point out many nation-state deploys Smart Card
identifications (despite the privacy concern), allow its citizens (or
subjects) to authenticate with government services online.
Filing income tax online is the only use case for me personally to use
a Windows VM (for IE & Active
So...may I know if a decision was made?
element is marked as deprecated on MDN, and as stated by rsleevi,
it seems Chrome will drop it.
Will Mozilla do the same? Do you have a roadmap/date for such change? It's
going to be supported "by now" until next call?
Please, consider we are *that little per
Hi
In our case, we use to generate a keypair on our SSCD (smartcard)
using Firefox, because, with the PKCS#11 module configured, it asks where to
store the keys, so the user selects CARD.
Using Webcrypto or other JS stuff I won't be able to populate my smartcards,
so -IMHO- you should keep it as lo
On Thursday 30 July 2015 14:32:01 Richard Barnes wrote:
> On Thu, Jul 30, 2015 at 6:53 AM, Hubert Kario wrote:
> > On Wednesday 29 July 2015 16:35:41 David Keeler wrote:
> > > [cc'd to dev-security for visibility. This discussion is intended to
> > > happen on dev-platform; please reply to that li
On Thu, Jul 30, 2015 at 6:53 AM, Hubert Kario wrote:
> On Wednesday 29 July 2015 16:35:41 David Keeler wrote:
> > [cc'd to dev-security for visibility. This discussion is intended to
> > happen on dev-platform; please reply to that list.]
> >
> > Ryan Sleevi recently announced the pre-intention t
On Thu, Jul 30, 2015 at 6:33 AM, Anne van Kesteren wrote:
> On Thu, Jul 30, 2015 at 12:28 PM, Teoli
> wrote:
> > Do you think it is already worth flagging it as deprecated in the MDN
> > documentation as Google plans to remove it too?
>
> Yeah, seems worth a note at least given that Microsoft doe
On Wednesday 29 July 2015 16:35:41 David Keeler wrote:
> [cc'd to dev-security for visibility. This discussion is intended to
> happen on dev-platform; please reply to that list.]
>
> Ryan Sleevi recently announced the pre-intention to deprecate and
> eventually remove support for the element and
On Thu, Jul 30, 2015 at 12:28 PM, Teoli
wrote:
> Do you think it is already worth flagging it as deprecated in the MDN
> documentation as Google plans to remove it too?
Yeah, seems worth a note at least given that Microsoft doesn't ship it
either (nor plans to ever). I'll probably get the HTML Sta
On 30/07/2015 08:58, Anne van Kesteren wrote:
On Thu, Jul 30, 2015 at 1:35 AM, David Keeler wrote:
I therefore propose we follow suit and begin the process of deprecating
and removing these features. The intention of this post is to begin a
discussion to determine the feasibility of doing so.
On Thu, Jul 30, 2015 at 1:35 AM, David Keeler wrote:
> I therefore propose we follow suit and begin the process of deprecating
> and removing these features. The intention of this post is to begin a
> discussion to determine the feasibility of doing so.
Deprecating and adding counters seems meani
[cc'd to dev-security for visibility. This discussion is intended to
happen on dev-platform; please reply to that list.]
Ryan Sleevi recently announced the pre-intention to deprecate and
eventually remove support for the element and special-case
handling of the application/x-x509-*-cert MIME type