- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 19 Sep 2013 20:45:38 +0200
- To: public-webpayments@w3.org
- CC: Kumar McMillan <kmcmillan@mozilla.com>
On 2013-09-19 19:05, Kumar McMillan wrote: > On Sep 19, 2013, at 9:39 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > >> http://www.w3.org/wiki/images/6/6f/SysApp_-_Secure_Element_API_-_intro.pdf > Hi Anders. > What page (or discussion) linked to that? Just curious. I couldn't find anything when searching. http://www.w3.org/2012/sysapps/ Your college Mounir Lamouri presumably knows Mozilla's position on this. > >> Should I/We be worried? >> Not very, Google, Apple and Microsoft have expressed any support for this. > I'm not sure what there is to worry about but I'm not an expert in the area. Well, it all boils down to where and how keys are stored in mobile devices. The SE API comes from the operator-side. In the EU people have toyed with this since late 90'ties with mostly bad results. Therefore I'm building on that the CPU will hold the SE: http://asset0.cbsistatic.com/cnwk.1d/i/tim2/2013/09/11/ARMv8-improvements_610x394.jpg The SIM/USIM will eventually disappear. > For context, this API was proposed for Firefox OS to achieve NFC related features. A patch has been proposed here https://bugzilla.mozilla.org/show_bug.cgi?id=879861 but keep in mind the bug tracker is for implementation updates, it's not a discussion forum. If you want to voice concerns about this API the dev-webapi list would be a good place https://lists.mozilla.org/listinfo/dev-webapi As with any API though, it may not be the ultimate method for talking to devices securely. Work on this API is being done to reach parity with existing [native] mobile systems. And as with all things open source, proposing an alternative API would be most effective if the proposal contained a patch :) SKS/KeyGen2 is a complex system that would require participation/buy-in from the entire platform group to get anywhere. Microsoft introduced Information Cards, U-Prove and most recently VSC (Virtual Smart Cards) without doing that. It didn't work... Anders > > Kumar
Received on Thursday, 19 September 2013 18:46:12 UTC