Re: The "korean bank" use-case from Channy Yun on 2011-11-27 (public-identity@w3.org from November 2011)

From: Channy Yun <channy@gmail.com>
Date: Mon, 28 Nov 2011 03:15:16 +0900
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "public-identity@w3.org" <public-identity@w3.org>
Message-ID: <CAG5Kj5ERTGJKJU==W4bNf+NA+5pYxDpHAX6RFkmRgGT66ZbzWQ@mail.gmail.com>

2011/11/28 Anders Rundgren <anders.rundgren@telia.com>

> On 2011-11-27 16:54, Channy Yun wrote:
> > Dear all,
> >
> > Avoiding confusing ... please refer to
> > http://www.w3.org/community/webcryptoapi/2011/09/15/why-web-crypto-api/
> > Korean's use-cases and web cryptography.
>
> I don't think the DomCrypt use-case fits banks for several reasons like:
>
> - The concept of PIN and associated policy is completely missing
> - Signatures with WYSIWYS seems to be missing as well.
>
> If you are really interested in this, I think we should go somewhere
> else.  US banks are *not* into PKI and signatures.
>
>
Thanks for your comment :)

But, I think DOMCrypt or (my WebCrypto API) is basically suitable for
Korean bank use cases for treatment of personal certificate in default use
of Korean internet banking. PIN and other policy (and OTP) are just 2
factor authentification and is not related to PKI functions.

I think signatures with WYISIWUS can be made by JS API not browser default
UI as like old crypto.signText.

Except US banks, many of European banks and government procuement sites are
into *PKI and signatures* including Korean sites.

Channy

Received on Sunday, 27 November 2011 18:16:04 UTC