Re: UseCase for B2C personal information exchange

On 2012-07-30 07:06, Mountie Lee wrote:
> Hi.
> 
> I have comments for http://www.w3.org/2012/webcrypto/wiki/Use_Cases#B2C_personnal_information_exchange 
> 
> as a Korean Citizen
> I receive many encrypted mails from card company or banks.
> 
> the basic mechanism is as follows.
> the sender sends mail with an application download link and an encrypted mail attachment.
> the user is able to decrypt the mail attachment after installing the application via the link.
> the passphrase is normally the last 7 digits of my personal SSN.
> 
> the sender forces the user to install the application on their WINDOWS PC.
> 
> I think we cannot replace this case with web crypto implementations.
> 
> because
> 
> has a conflict with the "same origin" policy of the browser.
> we cannot make sure the email client always has web browsing capability
> and the content is normally loaded from the local file system.
> 
> has alternatives
> the sender can invite the user to their web site
> and verify the user's identity.
> then show the sensitive message on the web.

Hi Mountie,
That's a much better solution.  Variants of this are established
since 15 years back!  It is IMO a web "de-facto" standard.

Here I run into the question:
Could the sender use Web Crypto to encrypt the message rather than TLS?
It is unclear to me what the advantage would be.  In fact the entire
encryption part of Web Crypto is unclear to me.

Anders

> 
> so my comment is
> remove the use case "B2C personnal message exchange"
> (sorry Channy ^^!)
> 
> best regards
> 
> -- 
> Mountie Lee
> 
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
> Twitter : mountielee
> 
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
> 

Received on Monday, 30 July 2012 05:43:58 UTC