Re: Web Cryptography Working Group scoping progressing... from Channy Yun on 2011-11-07 (public-identity@w3.org from November 2011)

From: Channy Yun <channy@gmail.com>
Date: Mon, 7 Nov 2011 19:24:49 +0900
To: David Dahl <ddahl@mozilla.com>
Cc: Brian Smith <bsmith@mozilla.com>, public-identity@w3.org
Message-ID: <CAG5Kj5GWKdqgcqzz1coDn0FH=fY_LDQSnS5pJJ8F6FJ0ou3rVg@mail.gmail.com>

Hi, all.

I know your first job is the primitive APIs for cryptography.

But, many of use-cases in Cryptography API focused in CA service system
with personal certificates.
But, this is hard to consider another working group because of PKI based
systems.
(Most of countries has own national CA system based on plug-in issuing
personal certificate such as China, Japan, Spain and Brazil etc.)

How about adding parallel works for *Web Certificates (Service)
API*supporting these one?
We can add these as a scope including TLS/SSL based login/out with personal
certificate and its management api(backup, restore)
and follow up HSM based certificate.

p.s. of course, it's not only secure authentification, but also needs with
connection of two factor method.

Channy
---------------------
Tech Evangelist : Web 2.0, Web Standards, Open Source and Firefox
http://channy.creation.net

2011/11/4 David Dahl <ddahl@mozilla.com>

> I think this is something that we can keep on a "roadmap". The scope of
> the crypto API will necessarily be narrow for the first iteration, adding
> any kind of UI is something we should plan for in a later iteration.
>
> Cheers,
>
> David
>
> ----- Original Message -----
> From: "Brian Smith" <bsmith@mozilla.com>
> To: channy@gmail.com
> Cc: public-identity@w3.org
> Sent: Thursday, November 3, 2011 6:44:31 PM
> Subject: Re: Web Cryptography Working Group scoping progressing...
>
> Channy Yun wrote:
> > 3) Some of functions as like key pare generation and digital signature
> > generation require browser's user interface. It needs universal
> > interface guideline for security issues.
>
> Are smartcard digital signatures on transactions like the ones required in
> e-commerce / e-banking transactions in Korea, China, and elsewhere (tied to
> "real" legal identities) going to be considered in scope? From reading the
> draft scope document, I got the impression that this would be out of scope.
> I think it is OK for it to be out of scope, as long as there is some other
> (formal or informal) group working on standardizing this. It is a high
> priority for us.
>
> Cheers,
> Brian
>
>

Received on Monday, 7 November 2011 13:08:36 UTC