W3C home > Mailing lists > Public > public-credentials@w3.org > November 2019

Re: Proposed work item: WebKMS

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 24 Nov 2019 07:23:09 +0100
To: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
Message-ID: <32076546-28b0-5747-1b78-0adb51487787@gmail.com>
Hi Manu,
 From the ZCAP-LD draft:

   "Web-based applications could provide choice in Key Management Systems --
    potentially allowing customers to bring their own Key Management Systems
    with them just as they bring their own devices today"

Wouldn't it be logical to have KMSes in these devices as well?

I may [surely] be biased but this is at least what my 10Y+(!) SKS/KeyGen2 project builds on.
The (ab)use of W3C's PaymentRequest made it pretty cool as well :-)
https://cyberphone.github.io/doc/web/calling-apps-from-the-web.pdf

The use-case you mention like car keys are very interesting but I can't imagine that car keys would be stored anywhere but in client devices. Now, how do you get such keys? In my world through (non-standard) authentication to a service provider.  I.e. I (FWIW) do not see that an end-user would ever talk directly to a cloud-HSM, that's reserved for service providers.

Regards,
Anders
https://cyberphone.github.io/doc/security/keygen2.html
Received on Sunday, 24 November 2019 06:23:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:19:03 UTC