
Re: W3C WebCrypto.Next Conference

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Mon, 11 Aug 2014 10:42:33 +0200
Message-ID: <CA+eFz_LjrJJry7oX9_fN6Kycgz2ZVaKLCg2CvODe21ybH8_vTA@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Web Payments CG <public-webpayments@w3.org>
On 11 August 2014 08:53, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html
>
> I hope to go (my two position papers were accepted) but I'm rather
> uncertain that the outcome will actually be very clear since there are two
> fundamentally different approaches:
> - Evolution: Adopt the web-platform to existing smart cards etc
> - Revolution: Create complete systems from scratch
>
> FIDO represents the latter.   It doesn't build on smart card APDUs and
> cannot run on top of standard crypto APIs like PKCS #11.
>
> Personally, I'm also into revolution since smart cards and PKCS #11 were
> not designed to be invoked by arbitrary web-code which calls for entirely
> new protection strategies like SOP.  The only "traditional" technology
> (IMO) worth preserving is PKI.


+ 1

Smart-card systems require non-standard niche hardware that itself must be
secure/tamper-proof.
Not a sustainable answer in my opinion. Hardware is increasingly becoming a
simple physical interaction point for the Web.
If the hardware can't be produced so cheaply as to become ubiquitous (USB
dongles), it will struggle to become incorporated into that Web.


>
> Anders
>
>
Received on Monday, 11 August 2014 08:43:02 UTC
