Re: WebPayments through WebCrypto

On 08/02/2013 03:49 PM, Anders Rundgren wrote:
> I'm a "seasoned" developer in the PKI field with specific interests
> in the consumer space.  Ages ago I started with a thing I have seen
> debated in this and other list; the abysmal state of client-PKI
> support in browsers.

Dave Longley, who is one of the primary architects of PaySwarm, is also
the creator of the Forge JavaScript library and is on this mailing list.
He might have something to say about your proposal. For those unfamiliar
with Forge, it implements many of the most common crypto stack
algorithms (AES, RSA, PKCS, DES, SHA, ASN.1, TLS, etc.) in pure
Javascript (for the browser and node.js):

https://github.com/digitalbazaar/forge/

> Unfortunately I found that my scheme (as well as all its predecessors
> including HTML5's  <keygen>) is INCOMPATIBLE with the emerging W3C
> WebCrypto standard!

Have you checked the latest Web Crypto spec? The June 23rd one? It's
fixed a number of issues that existed before (we were just as baffled as
you a few months ago, but things seem to be improving wrt. the spec).

> That dynamically loaded "Trusted Chrome" is bound to specific keys
> may seem odd but it gives payment-networks the ability to optimize
> the GUI for the actual protocol as well as supporting branding
> options.

Would you be interested in joining us on a Web Payments call and
elaborating on this a bit more? I read your paper and still don't feel
like I have a good grasp of how the June 23rd Web Crypto spec would be
improved upon as a result of what you're proposing. Have you approached
the Web Crypto API folks about this? Perhaps if you were to join us on a
call and we record the audio and minute what you're saying, we can then
use that as an introduction to something that the Web Crypto API folks
might want to change?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/

Received on Tuesday, 6 August 2013 01:34:55 UTC