Re: Request for feedback: DOMCrypt API proposal

Richard:

This API is a pure web application API. I would like to study how we can extend this API for use with smart cards as there are a few use cases here as well. I would really like for someone with experience writing code for smart cards to help me figure this out.

Cheers,

David

----- Original Message -----
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: "David Dahl" <ddahl@mozilla.com>
Cc: public-web-security@w3.org
Sent: Sunday, June 5, 2011 8:45:34 PM
Subject: Re: Request for feedback: DOMCrypt API proposal

I apologize if this question is obvious; I haven't had a chance to read the document yet.

Is there any notion of how this document relates to the PKCS11 standard for interfacing to crypto devices?  
<http://en.wikipedia.org/wiki/PKCS11>

PKCS11 clearly has more things than the DOMCrypt API would require (e.g., the ability to select and log into different devices).   But it seems like it would simplify implementation for browsers if they could just present a script with something logically equivalent to a virtual PKCS11 device, probably one per origin.  Especially given that at least one browser (Firefox) can use PKCS11 to talk to hardware devices.

--Richard

Received on Monday, 6 June 2011 14:11:11 UTC