W3C home > Mailing lists > Public > public-web-security@w3.org > February 2015

[WebCrypto.Next] "Plan B" - Chrome Native Messaging

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 03 Feb 2015 02:16:40 +0100
Message-ID: <54D02178.7020801@gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
CC: Siva Narendra <siva@tyfone.com>, Ryan Sleevi <sleevi@google.com>, Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>
FWIW, I have "buried" my efforts putting security HW in the browser (beyond FIDO)
since the [theoretical] problems encountered were simply put insurmountable.

By pure accident I found this recent posting by Ryan Sleevy:
https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html

Inside the posting there's a link to this super-cool technology (Chrome Native Messaging)
which was recommended to a person wanting to use PKCS #11 for a web-based signature application:
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html

Anyway, Chrome Native Messaging could be maybe improved to even better support
various security-applications so I did some "polishing" which can be found here:
http://webpki.org/papers/web2native-bridge.pdf

I'm pretty sure that Apple Pay in its next iteration will use a variant of
native messaging to make the wallet equally useful on the web.  Yes, it will
have the same look-and-feel and security on the web as in a shop which is a
way better idea than building a specific wallet for the web.

Anders
Received on Tuesday, 3 February 2015 01:17:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 3 February 2015 01:17:15 UTC