- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 10 Oct 2014 06:28:40 +0200
- To: Web Payments CG <public-webpayments@w3.org>
- CC: Kumar McMillan <kmcmillan@mozilla.com>, Jonas Sicking <jonas@sicking.cc>
When you see how much Apple has done on the client-side for iPhone 6 including a dedicated security element used for Apple Pay I begin to wonder if mozPay is really cutting it. mozPay appears to me as server-based "polyfill", waiting for the real thing. The NSS concept is more than 20 years old. I think it is time to scrap it together with its ancient comrade "keygen", particularly for Firefox OS. I doubt that any of the myriad of Android-based mobile banking applications use "keygen". How does this relate to the Web Payment CG? Well, since mozPay is referenced in various Web Payments CG documents there's obviously a dependency. A secure local keystore supporting context attributes is piece of cake and enables you to deploy pretty cool payment systems without relying on pre-installed payment applications: http://webpki.org/papers/PKI/EMV-Tokenization-SET-3DSecure-WebCryptoPlusPlus-combo.pdf#page=4 Yes, this concept requires major updates to the browser as well...but I'm talking about an architecture for secure web-applications so that's not too surprising, right? :-) Anders
Received on Friday, 10 October 2014 04:29:09 UTC