- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Tue, 11 Dec 2012 07:29:18 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
I read this document with interest:
http://dvcs.w3.org/hg/webcrypto-usecases/raw-file/536a63a3f94c/Overview.html
I still think there is a fundamental thing missing and that is a list of things that banks have proved to be interested in.
There are valid reasons to why banks tend to replace the platforms' PKI client and I don't think it has much to do with javascript.
In addition it looks pretty short-sighted dealing with "soft keys" when standard devices from leading vendors already comes with security hardware:
http://www.microsoft.com/en-us/download/details.aspx?id=29076
BTW, the message encryption use-case is pretty weak; HTTPS + "strong" user authentication has effectively replaced message encryption for all but the most sensitive data (to which ordinary financial statements do not belong). The S/MIME folks have tried this for decades and failed so why would you succeed?
I see static encryption as something that is primarily used inside of protocols. As a stand-alone solution password-based encryption schemes like featured in PDF have proved to be far more useful than schemes relying on asymmetric key distribution. Devices come and devices go, and suddenly you can read that document anymore!
Anders
Received on Tuesday, 11 December 2012 06:31:36 UTC