
Re: [WebCrypto.Next] Why there won't be support for smart cards

From: Zijyfe Duufop <zdoofop@gmail.com>
Date: Sun, 9 Nov 2014 12:02:08 -0500
Message-ID: <CAO+vDUQv7x+7q6fh3cCq0tR+GopnGM69M22+aAZWxDJOBAsu8A@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>

Your claim about innovation is irrelevant because either one of the
platform vendors will be available for developers or they will use other
means of implementation. Remember, there is no perfect solution to any
problem.

On Sun, Nov 9, 2014 at 11:56 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> This somewhat [thought]provoking subject-line has a simple explanation:
> There is still no specification in spite of the topic being on the radar
> since years back.
>
> It doesn't appear possible creating such a specification as well:
>
> Imagine calling a method that does something like P11's C_Sign, what's
> supposed to happen?
> A browser-initiated dialog box saying: This application wants key XYZ to
> sign something but I don't know why and what, do you agree?
>
> Would installed and signed web applications help here?
> No, it would not because there is no obvious signer of such modules except
> the platform vendors which would severely impede innovation.
> Leaving the trust-decision to the user is not an option either, it would
> only open a floodgate to key-misusing malware.
>
> Anders
>
>
>
Received on Tuesday, 11 November 2014 00:01:47 UTC
