W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Pre-provisioned Key Storage/Discovery: Under-Researched

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Fri, 30 Nov 2012 22:07:57 +0100
Message-ID: <50B9202D.2070204@telia.com>
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
I don't think that a separate draft is the best approach for a next immediate step.

Pre-proviosioned keys is an entirely different ball-game than [the IMO slightly less interesting] origin-based dittos.

If the WG is serious about pre-provisioned keys you need to research the processes, as well as the security and privacy issues if the result is going to be generally useful.

BTW, if Netflix is the only WG party actively working with pre-provisioned keys it seems that the team is a little bit on the thin side.

No, I don't want to participate in this effort; I'm already walking along the same path as GlobalPlatform [*] which according to Ryan is at odds with the web security model (requires signed JS that runs unaffected by potentially malicious surrounding application code).

Oh well, **** the web security model :-)

Anders

*] http://code.google.com/p/seek-for-android/wiki/AccessControlIntroduction
also Featured in the Google Wallet, EMV cards, etc.
Received on Friday, 30 November 2012 21:08:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 November 2012 21:08:37 GMT