Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 02 Feb 2015 13:50:32 +0100
Message-ID: <54CF7298.1020603@gmail.com>
To: Harry Halpin <hhalpin@w3.org>, Siva Narendra <siva@tyfone.com>, Brad Hill <hillbrad@fb.com>
CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>

On 2015-02-02 12:15, Harry Halpin wrote:
<snip>
> Although SOP should be respected, right
> now the lack of support for client support in a particular class of high
> security applications that are forced to be, for example, Chrome
> extensions or native apps due to their necessitating that cryptographic
> operations be under the control of the user's client device without
> ability for the server to modify the code.

A souped-up version of Chrome native messaging could allow *independent parties*
to support any security application regardless of whether it talks 7816 APDU or GP TEE TA.

In addition, you would be able to use the security and privacy model that is most
appropriate for the actual application.

Payments (if done in the right way, like Apple Pay) don't in any way match
the web security model, if by that you mean SOP.

If Jeff wants to see any of this http://www.w3.org/2015/01/banker_payments.pdf
happen during his tenure, I believe you need a rebooted effort.

Anders
Received on Monday, 2 February 2015 12:51:06 UTC