On Apr 5, 2016 11:32 PM, "Mads Egil Henriksveen" < [email protected]> wrote: > Whether the application vendors eventually will use the EU TL or not is another discussion. We know that Adobe already has integrated the EU TL with their own AATL, but there seems to be more resistance against this from browsers. >
It is worth noting that the Adobe use case (document signing) is a fundamentally different notion than Website Authentication. There, the use of the TSL is for the purpose of eIDs - a use case I think the TSL and the accompanying regulatory framework are quite useful for (save for the unfortunate notion of non-repudiation). However, they are not using it for QWACs - a separable and distinct context. However, for the web, whose fundamental security model is intrinsically linked to the domain, rather than any other form of identity (legal or cryptographic), and for which a broad international, multi-stakeholder, non-governmental approach is used to manage, develop, and use, QWACs provide no fundamental technical value, severe ecosystem harm, and undue complexity costs, so it should be no surprise that they are uninteresting as a feature or as means to improve the TLS ecosystem.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
