
Certificate Enrollment- Already done?

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Fri, 21 Dec 2012 06:33:47 +0100
Message-ID: <50D3F4BB.5030600@telia.com>
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Adding certificate enrollment to the Web Crypto API is trivial; a certificate is just an attribute.

Although my knowledge of IndexedDB is sort of limited
(https://developer.mozilla.org/en-US/docs/IndexedDB/Basic_Concepts_Behind_IndexedDB)
it seems (please don't kill me if I'm wrong...) that you could store a certificate in an
"associated" table without even touching the Web Crypto API.

That is, to achieve the level of functionality offered by <keygen> and friends you are probably already there :-)

I don't see that CMC, CMP, SCEP, EST or anything of that kind would add anything interesting to the plot
since these schemes do not support an end-to-end security provisioning concept.

However, for the thorny subject known as "Banking Transactions" certificate enrollment is not
enough, you rather need a token management scheme like SCPnn used in Google's Wallet.
Gemalto have proposed a webbified version of this in W3C:

    http://lists.w3.org/Archives/Public/public-sysapps/2012Jun/0058.html

The problem (as I see it...) is that there's no defined "bridge" between the Web Crypto API
and *real* banking technology such as featured in the Google Wallet.

Anders
Received on Friday, 21 December 2012 05:34:25 GMT
