- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 24 May 2013 05:25:46 +0200
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On 2013-05-23 19:08, Ryan Sleevi wrote: > Please note that this topic has been discussed at great length in this > WG, including a variety of proposals and issues. Dear Ryan, A better description is that the WG have slashed/ignored all proposals like the for example Samuel Erdman's excellent idea: Optionally adding an origin specifier to a pre-provisioned key. A revamped Key Discovery draft offering _key_enumeration_ and _key_attribute_retrieval_ could easily support both Netflix' and the "eID community's" use-cases. It should of course continue to be an add-on specification so that Google wouldn't have to implement it :-) > Our archives are public - > http://lists.w3.org/Archives/Public/public-webcrypto/ - and may prove > instructive for understanding why there are serious security and > usability issues with what you propose. > > Further, short of a rechartering, I do not think it would be a > fruitful venue to continue the discussion of smart cards. It seems that this issue popped up at "home" as well: http://goo.gl/DFLnS Rechartering is not necessary since explicit provisioning of smart cards would be more complex than the entire Web Crypto specification is to date. Based on my experience I would even claim that this isn't possible to standardize smart card provisioning unless you do as I propose (and Google soon will as well...), which is defining a specific "Web Token". This will get its own standard some day. Cheers Anders > > Cheers > >
Received on Friday, 24 May 2013 03:26:23 UTC