W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

Re: Solutions to the NASCAR problem?

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 24 Nov 2015 10:44:44 -0500
Message-ID: <565485EC.3080403@digitalbazaar.com>
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
On 11/24/2015 04:55 AM, David Chadwick wrote:
> I have talked to some fido developers and they have said that they 
> can give our code access to public keys. So assuming this is true, 
> then our code will send this to the issuer in a new message, asking 
> for a signed credential to be returned. This is all additional to 
> standard FIDO messages

To be clear, the system you are proposing doesn't work unless the FIDO
devices expose this information to the developer in a widely deployed
way (for example, 75% of the browser market implements it). At present,
no one exposes this information?

I'm not asserting that it can't be done, just that you've put the
browser manufacturers in the critical path with no planned Working Group
to do what you need and that has typically resulted in delays of
multiple years (which we, the companies that are attempting to deploy
product into the marketplace, don't have).

That said, I still (personally) want to dive into the work you've done
because I think it's interesting and maybe there is another way to
achieve what you want w/o having such a reliance on the browser vendors
and HSM vendors.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice
Received on Tuesday, 24 November 2015 15:45:09 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC