- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 09 Feb 2012 08:20:57 +0100
- To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- CC: "public-identity@w3.org" <public-identity@w3.org>
On 2012-02-09 02:04, Henry B. Hotz wrote:
>
> On Feb 8, 2012, at 11:50 AM, Anders Rundgren wrote:
>
>> Anyway, I let you continue with whatever you do in peace; I stick to
>> the Open Source/Hardware route and skip standardization.
>
> I'm honestly not trying to be hostile, but if this is how you feel why are you here?

Well, I started by attending the workshop in May 2011. After that a bunch of interesting but completely unrelated "web identity" initiatives surfaced which made me come to the conclusion that this isn't for me at least.

BTW, I haven't seen a single posting from Microsoft or Apple regarding DomCrypt. I honestly believe they are not really here either...

>
>> There are
>> no surefire successes in this space and I wish you luck.
>>
>> Anders
>>
>>>> On 02/08/2012 06:30 AM, Anders Rundgren wrote:
>>>>> IMO smart
>>>>> cards using non-domain-restricted credentials such as PIV must not be exposed
>>>>> on the web; they can only be used by trusted applications such as TLS.
>>>>>
>>>>> Anders
>
> I have absolutely no idea what you are trying to say here.

Well, from the discussions in 2011 it seems that you are not alone :-(

If you take a look at Microsoft's CertEnroll you have a system which is broken due to a misunderstood web security and privacy concept.

> 1) I'd hardly call TLS a "trusted application";

The TLS code is supplied by the browser vendor, which differs in trustworthiness from arbitrary transient code from a web-site.

> 2) A PIV card is a well-defined client credential, with good security properties.

Yes, but if you let arbitrary web code access it you won't be able to maintain these properties.

> Obviously, if someone can *otherwise* break into the machine it's
> plugged into, it can be at least temporarily hijacked.
> Is that what you mean by "exposed on the web"?

No, see above.

> Is the phrase "non-domain-restricted credentials" as
> Microsoft-centric as it sounds, or are you referring to DNS?

If I understood it right the current DomCrypt presumes that the issuer=relying party=domain for its keys. This idea has severe usage limitations but is at least secure in the sense that an RP can only screw up for himself. Going beyond that is a different story and AFAICT, possibly not even related to DomCrypt.

It would have been great to know a bit more about things like Google's Wallet and Microsoft's W8/TPM2 stuff but apparently we cannot.

Cheers,
Anders
member of Trusted Computing Group

>
> ------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
>
Received on Thursday, 9 February 2012 07:21:36 UTC
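The key-scoping argument in the message above, as an added example that is not part of the original thread: keys bound to the origin that created them (the "issuer = relying party = domain" model Anders attributes to DomCrypt) next to a PIV-like credential that is not origin-bound and is therefore only driven by the trusted TLS layer. The origins, key ids, the "tls" caller name and the HMAC stand-in for real signing are assumptions of this demo, not anything from DomCrypt or PIV.

```python
# Added illustration, not code from the thread: origin-scoped keys versus a
# non-domain-restricted (PIV-like) credential. Origins, key ids and the HMAC
# stand-in for signing are constructed for the demo.
import hmac
import hashlib
import secrets

class OriginKeyStore:
    """Keys are generated by, and usable only from, the origin that created them,
    so a compromised origin can misuse only its own keys (an RP "screws up for himself")."""
    def __init__(self):
        self._keys = {}  # (origin, key_id) -> secret
    def generate(self, origin, key_id):
        self._keys[(origin, key_id)] = secrets.token_bytes(32)
    def sign(self, caller_origin, key_id, data):
        secret = self._keys.get((caller_origin, key_id))
        if secret is None:  # the lookup is keyed by the caller's own origin
            raise PermissionError(f"{caller_origin} has no key {key_id!r}")
        return hmac.new(secret, data, hashlib.sha256).digest()

class NonDomainRestrictedCredential:
    """A PIV-like identity credential not tied to any origin: only the trusted
    client stack (modelled here as the TLS layer) may invoke it, never web code."""
    TRUSTED_CALLERS = frozenset({"tls"})  # assumed caller label for the TLS layer
    def __init__(self):
        self._secret = secrets.token_bytes(32)
    def sign(self, caller, data):
        if caller not in self.TRUSTED_CALLERS:
            raise PermissionError(f"untrusted caller {caller!r} may not use the credential")
        return hmac.new(self._secret, data, hashlib.sha256).digest()

def _allowed(fn, *args):
    try:
        fn(*args)
        return True
    except PermissionError:
        return False

def demo():
    """Report which callers each model lets sign a (constructed) server challenge."""
    store = OriginKeyStore()
    store.generate("https://bank.example", "login")
    piv = NonDomainRestrictedCredential()
    challenge = b"constructed-server-nonce"
    return {
        "origin_key_own_origin": _allowed(store.sign, "https://bank.example", "login", challenge),
        "origin_key_other_origin": _allowed(store.sign, "https://evil.example", "login", challenge),
        "piv_from_tls": _allowed(piv.sign, "tls", challenge),
        "piv_from_web_origin": _allowed(piv.sign, "https://evil.example", challenge),
    }
```

Running `demo()` shows the two cases the message contrasts: an origin-bound key is usable only by its own origin, while the non-origin-bound credential is refused to every web origin and answered only for the TLS layer.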