W3C home > Mailing lists > Public > public-web-security@w3.org > March 2015

Re: [Web Crypto WG] draft Web Crypto WG charter : for your review and comments

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 12 Mar 2015 07:40:48 +0100
Message-ID: <550134F0.6040700@gmail.com>
To: Harry Halpin <hhalpin@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto@w3.org>
CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>

Existing smart-card-using applications ranging from Windows login, SIM-cards in phones,
EMV-cards in payment terminals, HTTPS Client Certificate Authentication in browsers, to
the [now deprecated] custom signature browser-plugins, all share a common characteristic:
The smart card is accessed by "Trusted Code" which also holds associated UI.

Since the "Open Web" doesn't support this concept (transient web-code is by definition untrusted),
it is not possible to continue without first having a firm plan on how to deal with "Trusted Code".

Anders Rundgren
Received on Thursday, 12 March 2015 06:41:35 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 12 March 2015 06:41:35 UTC