- From: Colin Gallagher <colingallagher.rpcv@gmail.com>
- Date: Thu, 22 Jan 2015 08:42:25 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: public-web-security@w3.org
- Message-ID: <CABghAMgT8UMM453DWz-8VUy-Uu7uho41s7By-=xV3g7bZHJLug@mail.gmail.com>
Anders,

I think the features you discuss are or were taken up by Web Payments at http://www.w3.org/community/webpayments/

However, some important factors which have doomed any

1. Useful, and
2. Safe

web wallet development, are the following:

A. Innovation killers within web payments group itself that discouraged or just plain destroyed possibilities of permissionless, free and open collaboration without conditions imposed... by this I am referring to the horrifying CLA for the Web Payments group that they required you agree to even to jump onto a conference call or mailing list (you have to have agreed to license your Essential Claims against a gigantic, innovation killing CLA that I and others in the bitcoin community refused to agree to in Feb 2014 thus ending the possibility (from my perspective) of a collaboration with Payswarm / W3C Web Payments)

B. Payswarm has helped push this W3C web payments thing along from what I heard, but I don't agree it's been helping anyone. See http://digitalbazaar.com/payswarm/ - sounds nice, but is unrealistic.

Web wallets such as Coinbase and Bitpay that already have huge userbase and appeal are themselves soon to become a dying business model for the following reasons:

a. The cromnibus. Provisions adopted at end of 2014 (buried deep in the Intelligence provisions) made it so that any and all customer info which would be handled by third party services could be disclosed to government at any time. With no warrant, but rather as a result of broad, sweeping requests.

b. Legality issues. Russia (Putin), UK (Cameron), U.S. (Obama), Belarus (some info minister whose name I forget, who said recently that the whole internet was now subject to "the fatherland" of Belarus). These idiot politicians are providing us with a legacy of insecurity and attacks on encryption and innovation generally. A growing number of countries consider virtual currency to be illegal.

So legality cannot be a concern here for us, we cannot be constrained by these concerns when the larger concerns are how do we ensure users have access to the systems of encryption that politicians are now in the process of making illegal? The concern must be moving beyond the Web for payment, because in that context it is broken.

c. Repository issues. If your virtual currency is supported as a corporate model (you are an LLC or something) you are going to get threatened with shutdown by another corp (probably one of many anonymized front corps that can easily be created for this purpose) or by a government. If you are serious about preserving your repository in the face of multiple aggressive state actors, or by numerous competitors (including, moving into 2016, DAO type competitors, that are autonomous and non-human), you need to mirror into different places before your project becomes known (not just github or bitbucket), have multiple offline copies with different names in different locations, and instructions to friends to make sure copies can be checked against signatures periodically.

On Jan 22, 2015 6:16 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:

> In this somewhat dated document, applications like on-line banking and
> credit-card processing are mentioned:
> http://www.w3.org/2012/webcrypto/wiki/Use_Cases
>
> A number of reasons why this probably won't happen are outlined in this
> document:
> http://webpki.org/papers/payments/webcrypto-4-payments.pdf
>
> Although currently not particularly useful, something along the following
> lines could prove to be a
> more workable solution for a wide range of crypto-using applications
> including eID and payments:
> http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html
>
> In fact, the entire idea of having a browser-level wallet needs
> reconsideration, since it would lead to
> local payments and web payments having different "Look-and-feel",
> Security, API, etc. characteristics.
>
> That is, "calling" a local (native) application like a wallet from the web
> is the most likely future
> solution. According to insiders this is exactly what Apple is currently
> working with in order to extend
> the functionality of their (r)evolutionary Apple Pay system.
>
> I suggest that a feasibility study is performed and if it turns out
> positive, be used for chartering
> a new WG which would serve as a replacement for the missing WebCrypto
> "secondary features".
>
> Anders

Received on Thursday, 22 January 2015 16:45:41 UTC