W3C home > Mailing lists > Public > public-hb-secure-services@w3.org > July 2016

Re: [hardware based secure services CG] minutes of our call today

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 26 Jul 2016 18:11:56 +0200
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "'public-hb-secure-services@w3.org'" <public-hb-secure-services@w3.org>
Cc: Rigo Wenning <rigo@w3.org>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <68eb5b23-d7f8-d3c8-c74f-620906017c5e@gmail.com>
On 2016-07-26 16:50, GALINDO Virginie wrote:
> [16:12] <marko> https://github.com/w3c/websec/issues/91
> [16:13] <virginie_> Sébastien : we had some exchanges with anders, adn we may discuss it with him later
> [16:15] <virginie_> Colin : we dont really want to delay our work with such a problems


I don't see that this is a "problem" since it actually describes a "solution".

A real "problem" IMO, is that (AFAICT...) no deeper research into the fundamental issues have been performed.  I.e. this CG is de-facto a research project.

I wouldn't spend tons of energy nit-picking charters under such circumstances, but rather making sure that the members investigate various methods for dealing with issues like the ones raised in the problem statement.

Note that research sometimes (quite often actually) returns the answer "No, it doesn't work" and that's completely OK.  There are already lots of W3C drafts out there that have been converted into notes because the proponents either couldn't come up with a viable solution or that other roads to the same problem space proved to be more promising.

As a "hand-on" engineer I would explore this field by targeting a few sample applications and see where that leads.  EMV payments on the Web is an obvious candidate since this is what Apple and Google have already done, albeit by calling "Apps" from the Web.

Anders Rundgren
Principal, WebPKI.org
Received on Tuesday, 26 July 2016 16:12:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:52:47 UTC