[cabfpub] Final Minutes of CA/B Forum call March 17, 2016

Ryan Sleevi sleevi at google.com
Wed Apr 6 00:05:44 MST 2016


On Apr 5, 2016 11:32 PM, "Mads Egil Henriksveen" <
Mads.Henriksveen at buypass.no> wrote:
> Whether the application vendors eventually will use the EU TL or not is
> another discussion. We know that Adobe already has integrated the EU TL
> with their own AATL, but there seems to be more resistance against this
> from browsers.
>

It is worth noting that the Adobe use case (document signing) is a
fundamentally different notion than Website Authentication. There, the use
of the TSL is for the purpose of eIDs - a use case I think the TSL and the
accompanying regulatory framework are quite useful for (save for the
unfortunate notion of non-repudiation). However, they are not using it for
QWACs - a separable and distinct context.

However, for the web, whose fundamental security model is intrinsically
linked to the domain, rather than any other form of identity (legal or
cryptographic), and for which a broad international, multi-stakeholder,
non-governmental approach is used to manage, develop, and use, QWACs
provide no fundamental technical value, severe ecosystem harm, and undue
complexity costs, so it should be no surprise that they are uninteresting
as a feature or as means to improve the TLS ecosystem.