I have not heard from a single participant with experience in smart cards or desiring smart cards who would desire to see all issued certificates re-issued to support the scheme. It also fails to take into the serious security considerations that would exist if a certificate was provisioned for example.com, but then the certificate issuer lost control over example.com. While you're correct that a proposal is a proposal, I think your time would be better served - as would those who are interested in CMP and more complex KMS - to first draft a set of problem statements and reach consensus on the problems that you're trying to solve, rather than continually approaching the WG with proposals that you believe solve your problem, but do not do so in a clear and direct way. On Wed, Feb 12, 2014 at 1:33 PM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > Ladies and Gentlemen, > > A year ago I submitted a pretty complex proposal for adding X.509 and > smart card capabilities > to WebCrypto based on a "bridging" scheme. Approximately the same time a > fellow developer > in this field Samuel Erdtman of NexusSafe suggested a much simpler way > forward, albeit still > building on a bridge concept. > > Following the golden rule that "less is more" I have with Samuel's > permission merged a > minor portion of my API ideas with his concept: > > http://webpki.org/papers/PKI/x509-webcrypto-extension-scheme.pdf > > Enjoy! > > Anders Rundgren > >
Received on Wednesday, 12 February 2014 23:15:54 UTC