Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

On 2015-02-02 12:15, Harry Halpin wrote:
> Although SOP should be respected, right
> now the lack of support for client support in a particular class of high
> security applications that are forced to be, for example, Chrome
> extensions or native apps due to their necessitating that cryptographic
> operations be under the control of the user's client device without
> ability for the server to modify the code.

A souped-up version of Chrome native messaging could allow *independent parties*
to support any security application regardless if it talks 7816 APU or GP TEE TA.

in addition you would be able to use the security- and privacy-model that is most
appropriate for the actual application.

Payments (if done in the right way like Apple Pay), doesn't in any way match
the web security model if you with that mean SOP.

If Jeff wants to see any of this
happen during his tenure, I believe you need a rebooted effort.


Received on Monday, 2 February 2015 12:51:06 UTC