- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 15 Dec 2014 10:46:18 -0000
- To: "Anders Rundgren" <anders.rundgren.net@gmail.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
> http://lists.w3.org/Archives/Public/public-webcrypto-comments/2014Dec/0011.html > > "That is, there is no secure way to expose these legacy hardware > devices to a (hostile) web. > Note I say insecurable because having to resort to prompting the user > is fundamentally > ceding security" Again, note that this is why we stated with Web Crypto API and not with hardware tokens, as its an easier problem. Of course, hardware providers may have to change parts of their design and middleware to deal with the Web. That's the topic. > > Anders > >
Received on Monday, 15 December 2014 10:46:19 UTC