- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 03 Nov 2011 22:23:41 +0100
- To: Mike Hanson <mhanson@mozilla.com>
- CC: Harry Halpin <hhalpin@w3.org>, public-identity@w3.org
On 2011-11-03 21:44, Mike Hanson wrote:
> On Nov 3, 2011, at 2:12 AM, Anders Rundgren wrote:
>>
>> 2. Other key access control schemes include restricting key-usage
>> based on "app". Its already a part of Google's wallet.
>>
>> If the idea is going for the needs of the corporate, banking and
>> financial markets, I think we/you are going to face major hurdles
>> and excessive time-lines.
>
> Anders - I think I understand what you're saying, but words can be tricky.
> Can you restate what you mean by "app" in this particular context?
This may be an edge case seen from a strict web perspective but I
consider the browser the ideal tool for enrolling keys, regardless
if the keys are only to be consumed by the browser or by other
applications ("apps"). The Google wallet is AFAIK self-contained
and including enrollment (which makes the key app-binding simple...),
but I believe the Wallet is more like a a "technology preview" so we
shouldn't bother too much about that at this stage :-)
Anyway, from a Mozilla perspective it would have a profound impact on
NSS and PSM that would have to go one level down in the OS to be
able to do perform secure app-binding. This is what I'm will do in my
SKS/KeyGen2 project. This is also necessary for trusted PIN input
which is about making it harder for "bad apps" misusing keys in
the background.
Anders
>
> -mh
Received on Thursday, 3 November 2011 21:24:28 UTC