- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Tue, 14 Aug 2012 21:55:41 +0200
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Certificates may indeed support (more or less) arbitrary authentication tokens. That's at least how it is done in SKS: <CertficatePath ID="Key.1" MAC="ngSgmRuPE ... HlFWrM421wY="> <ds:X509Data> <ds:X509Certificate>MIIC2TCCAcGgAwIBAgS … NRT+VokJJsBecyALgeT0Dw==</ds:X509Certificate> </ds:X509Data> <SymmetricKey MAC="je7KiznTll … vInu7rcqcGkI=">vInt09Esmg94v … YU3tgIdhcNNby</SymmetricKey> <PropertyBag Type="http://xmlns.webpki.org/keygen2/1.0#provider.ietf-hotp" MAC="jIOHDgwI4dO7Kzs … uEH8MtykIS46JfiJ3N="> <Property Name="Counter" Value="0" Writable="true"/> <Property Name="Digits" Value="8"/> </PropertyBag> <Logotype MIMEType="image/png" Type="http://xmlns.webpki.org/keygen2/1.0#logotype.application" MAC="+crSq5fvfx+f … ZmRnhxlj0d=">iAAABKCAIAAACD … tm/AAALjUlEQVRA=</Logotype> </CertficatePath> This is an HOTP token with a logotype. The certificate makes key management and look-up identical to that of "real" certificates. Anders
Received on Tuesday, 14 August 2012 19:56:11 UTC