Re: The "korean bank" use-case

On 2011-11-27 19:15, Channy Yun wrote:
> 2011/11/28 Anders Rundgren <anders.rundgren@telia.com>
> 
>> On 2011-11-27 16:54, Channy Yun wrote:
>>> Dear all,
>>>
>>> Avoiding confusing ... please refer to
>>> http://www.w3.org/community/webcryptoapi/2011/09/15/why-web-crypto-api/
>>> Korean's use-cases and web cryptography.
>>
>> I don't think the DomCrypt use-case fits banks for several reasons like:
>>
>> - The concept of PIN and associated policy is completely missing
>> - Signatures with WYSIWYS seem to be missing as well.
>>
>> If you are really interested in this, I think we should go somewhere
>> else.  US banks are *not* into PKI and signatures.
>>
>>
> Thanks for your comment :)
> 
> But, I think DOMCrypt or (my WebCrypto API) is basically suitable for
> Korean bank use cases for treatment of personal certificate in default use
> of Korean internet banking. PIN and other policy (and OTP) are just 2
> factor authentication and are not related to PKI functions.

EMV-cards have local PINs.  It is not the customer who decides if the
payment credentials should be PIN-protected or not, it is the issuer.

If on-line issuance can't maintain such a facility there's a
big risk it won't reach very far.  BTW, GlobalPlatform (although
IMHO rather useless in other respects) can actually do that today.
GP is probably the foundation for the Google Wallet.

Anders


> 
> I think signatures with WYSIWYS can be made by JS API not browser default
> UI like old crypto.signText.
> 
> Except US banks, many of European banks and government procurement sites are
> into *PKI and signatures* including Korean sites.
> 
> Channy
> 

Received on Sunday, 27 November 2011 20:15:36 UTC