W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > October 2012

Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Tue, 09 Oct 2012 08:32:22 +0200
Message-ID: <5073C4F6.6010309@telia.com>
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Mountie Lee <mountie.lee@gmail.com>
http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0042.html

As I have explained there is also another solution which doesn't require the user to trust unknowns issuer or having the browser give carte-blanche trust to anybody having purchased a VeriSign code-certificate is to rather let issuers of keys decide which applications they trust through a signature:

http://webpki.org/papers/PKI/pki-webcrypto.pdf

Anders
Received on Tuesday, 9 October 2012 06:33:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 9 October 2012 06:33:04 GMT