[WebCrypto.Next] "Plan B" - Chrome Native Messaging

FWIW, I have "buried" my efforts putting security HW in the browser (beyond FIDO)
since the [theoretical] problems encountered were simply put insurmountable.

By pure accident I found this recent posting by Ryan Sleevy:
https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html

Inside the posting there's a link to this super-cool technology (Chrome Native Messaging)
which was recommended to a person wanting to use PKCS #11 for a web-based signature application:
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html

Anyway, Chrome Native Messaging could be maybe improved to even better support
various security-applications so I did some "polishing" which can be found here:
http://webpki.org/papers/web2native-bridge.pdf

I'm pretty sure that Apple Pay in its next iteration will use a variant of
native messaging to make the wallet equally useful on the web.  Yes, it will
have the same look-and-feel and security on the web as in a shop which is a
way better idea than building a specific wallet for the web.

Anders

Received on Tuesday, 3 February 2015 01:17:15 UTC