W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

CertEnroll JS Crypto API

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Thu, 01 Dec 2011 13:07:02 +0100
Message-ID: <4ED76DE6.7040302@telia.com>
To: "public-identity@w3.org" <public-identity@w3.org>

If you read the comments you can see that you need to muck around with "IE security"
settings in order to get it to work.  IMNSHO, this demonstrates the general uselessness
of the JS-based crypto API approach for performing crypto operations in general purpose
("open") crypto modules.

Feel free to try, but do not expect the browser vendors to implement something which is
broken already on the drawing board.

The only workaround I'm aware of is creating "applications" like the already available
TLS stuff which indeed doesn't expose any API to untrusted browser code.
The SK/KeyGen2 token provisioning scheme builds on the same time-proven principles.

Gemalto once tried to open smart cards to web access:
AFAICT, they don't seem to push this concept too hard these days :-)

Received on Thursday, 1 December 2011 12:07:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC