- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 24 Nov 2019 07:23:09 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
Hi Manu, From the ZCAP-LD draft: "Web-based applications could provide choice in Key Management Systems -- potentially allowing customers to bring their own Key Management Systems with them just as they bring their own devices today" Wouldn't it be logical to have KMSes in these devices as well? I may [surely] be biased but this is at least what my 10Y+(!) SKS/KeyGen2 project builds on. The (ab)use of W3C's PaymentRequest made it pretty cool as well :-) https://cyberphone.github.io/doc/web/calling-apps-from-the-web.pdf The use-case you mention like car keys are very interesting but I can't imagine that car keys would be stored anywhere but in client devices. Now, how do you get such keys? In my world through (non-standard) authentication to a service provider. I.e. I (FWIW) do not see that an end-user would ever talk directly to a cloud-HSM, that's reserved for service providers. Regards, Anders https://cyberphone.github.io/doc/security/keygen2.html
Received on Sunday, 24 November 2019 06:23:16 UTC