W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Crypto HW Requirements (why it is out of scope)

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 23 Nov 2011 22:37:12 +0100
Message-ID: <4ECD6788.5090806@w3.org>
To: Anders Rundgren <anders.rundgren@telia.com>
CC: "public-identity@w3.org" <public-identity@w3.org>
On 11/23/2011 07:02 AM, Anders Rundgren wrote:
> The main point with crypto hardware is strong protection of secret/private keys, right?
>
> If an API doesn't make it possible to distinguish if keys are created in crypto hardware
> or are stored in a file on the harddisk, such an API seems fairly useless from an issuer
> perspective.

Anders,

Note that distinguishing where a key came from is in the "secondary" 
features list that has to be given a concrete use-case, requirements, 
and have agreement from implementors.   I would suggest you read the 
current version of the charter (both on wiki and in HTML now) before 
making commentary. This has been a problem in the past.

However, I would note that there are plenty of non-smartcard use-cases 
for a common JS crypto API, but I do hope we can accomdate smartcards in 
a way that actually has uptake from implementers or make any spec 
smartcard-specific.

> I'm pretty sure that this is addressed in the Google Wallet but this scheme is currently
> secret so I don't see how we (at this stage) could even have a meaningful dialog
> about methods and requirements regarding schemes for supporting crypto hardware.
>
> Microsoft has also publicly demonstrated Win8/TPM and U-Prove/smart card schemes
> without disclosing any details on how keys are provisioned.
>
> Trying to create related standards under these circumstances is IMHO simply put silly.
>
> I don't consider my own effort in this space a "standardization effort" since it doesn't
> build on existing crypto hardware or software standards.  I don't believe the latter is
> even workable as a starting point for both political and technical reasons.
>
> Anders
>
Received on Wednesday, 23 November 2011 21:37:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 23 November 2011 21:37:06 GMT