W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: The "korean bank" use-case

From: Channy Yun <channy@gmail.com>
Date: Mon, 28 Nov 2011 03:15:16 +0900
Message-ID: <CAG5Kj5ERTGJKJU==W4bNf+NA+5pYxDpHAX6RFkmRgGT66ZbzWQ@mail.gmail.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "public-identity@w3.org" <public-identity@w3.org>
2011/11/28 Anders Rundgren <anders.rundgren@telia.com>

> On 2011-11-27 16:54, Channy Yun wrote:
> > Dear all,
> >
> > Avoiding confusing ... please refer to
> > http://www.w3.org/community/webcryptoapi/2011/09/15/why-web-crypto-api/
> > Korean's use-cases and web cryptography.
>
> I don't think the DomCrypt use-case fits banks for several reasons like:
>
> - The concept of PIN and associated policy is completely missing
> - Signatures with WYSIWYS seems to be missing as well.
>
> If you are really interested in this, I think we should go somewhere
> else.  US banks are *not* into PKI and signatures.
>
>
Thanks for your comment :)

But, I think DOMCrypt or (my WebCrypto API) is basically suitable for
Korean bank use cases for treatment of personal certificate in default use
of Korean internet banking. PIN and other policy (and OTP) are just 2
factor authentification and is not related to PKI functions.

I think signatures with WYISIWUS can be made by JS API not browser default
UI as like old crypto.signText.

Except US banks, many of European banks and government procuement sites are
into *PKI and signatures* including Korean sites.

Channy
Received on Sunday, 27 November 2011 18:16:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 27 November 2011 18:16:05 GMT