Re: Charter Proposal: "Trusted Code" for the Web from Rigo Wenning on 2015-03-29 (public-web-security@w3.org from March 2015)

From: Rigo Wenning <rigo@w3.org>
Date: Sun, 29 Mar 2015 17:21:14 +0200
To: public-web-security@w3.org
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>
Message-ID: <1659663.LpUXVzWtFY@hegel>

Virginie, 

On Wednesday 18 March 2015 12:58:27 GALINDO Virginie wrote:
> I don’t see how you can state that this is a replacement of the smart card
> effort, without even consulting the companies supporting it.

I don't see that such an effort is "replacing" the smart card effort. I think 
both will benefit from each other as it is one thing to have trusted (signed?) 
code. But from my work with trusted computing, I also know that the key trust 
has to come from somewhere. And here, as in the TPM, trusted hardware can play 
a role. I don't know whether I want the full processing be solely on the smart 
card (you could do that, I know), but a system could allow for a combination. 

So, no, it does NOT replace work on smart cards, but it could complement that 
work. 

 --Rigo

Received on Sunday, 29 March 2015 15:21:25 UTC