Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

On Mon, Feb 2, 2015 at 1:54 PM, Siva Narendra <> wrote:

> Ryan -- if we are able to collaborate and come up with a web
> implementation architecture that not only encompassed FIDO, but also
> equally viable standards such as PIV Derived Credentials [1] and EMV
> Tokenization [2]....and such standards to come in other industries, will
> you be supportive of it. Or, you do not want to support anything other than
> Same question for Anders and Brad.
> Best,
> Siva
> [1]
> [2]

I'll echo what I've said publicly for the last three years:
- If a proposal is put forward that can reasonably consider the Web
Security model and fit within the privacy goals, it will be considered.

You've put forward a false dichotomy by suggesting it's "FIDO or legacy"

Without evaluating [1] or [2], if they cannot or do not fit the web
security model, then unquestionably, I oppose and will continue to oppose
them. FIDO respects these goals - and was designed with them first and
foremost in mind - so it absolutely deserves consideration.

There has yet to be a proposal that demonstrates how [1] or [2], or any of
the other legacy APDU systems, can be done in a way that preserves and
respects security and privacy at the right layer (the origin). So
naturally, I see no reason to block FIDO from being exposed, especially
when three years have passed - in which time FIDO was written, implemented,
and made mass-market available - while no such earnest efforts appear to
have happened for legacy.

Received on Monday, 2 February 2015 21:59:56 UTC