- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 03 Nov 2011 22:23:41 +0100
- To: Mike Hanson <mhanson@mozilla.com>
- CC: Harry Halpin <hhalpin@w3.org>, public-identity@w3.org
On 2011-11-03 21:44, Mike Hanson wrote:
> On Nov 3, 2011, at 2:12 AM, Anders Rundgren wrote:
>>
>> 2. Other key access control schemes include restricting key-usage
>> based on "app". It's already a part of Google's wallet.
>>
>> If the idea is going for the needs of the corporate, banking and
>> financial markets, I think we/you are going to face major hurdles
>> and excessive time-lines.
>
> Anders - I think I understand what you're saying, but words can be tricky.
> Can you restate what you mean by "app" in this particular context?

This may be an edge case seen from a strict web perspective but I consider the browser the ideal tool for enrolling keys, regardless if the keys are only to be consumed by the browser or by other applications ("apps").

The Google wallet is AFAIK self-contained and including enrollment (which makes the key app-binding simple...), but I believe the Wallet is more like a "technology preview" so we shouldn't bother too much about that at this stage :-)

Anyway, from a Mozilla perspective it would have a profound impact on NSS and PSM that would have to go one level down in the OS to be able to perform secure app-binding. This is what I will do in my SKS/KeyGen2 project. This is also necessary for trusted PIN input which is about making it harder for "bad apps" misusing keys in the background.

Anders

>
> -mh
Received on Thursday, 3 November 2011 21:24:28 UTC