Re: Digital signatures in the browser from Tony Arcieri on 2018-03-07 (public-web-security@w3.org from March 2018)

From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 7 Mar 2018 15:38:16 -0800
To: NAZARE GONCALVES Bruno Goncalo <brunogoncalo.nazare@ext.europarl.europa.eu>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <CAHOTMVLznsvqgAOgumdGAV2x=e4=3Zh25N0xwT2o=v2izzXudg@mail.gmail.com>

Depending on what you mean by "smartcard" and how flexible your needs are,
FIDO U2F can be used to accomplish this in Chrome and Firefox today with no
additional software. Though U2F is an authentication standard, what it
exposes to the browser is effectively an API for performing ECDSA
signatures (w\ NIST P-256 elliptic curve) using an origin-specific key.

On Wed, Mar 7, 2018 at 8:05 AM, NAZARE GONCALVES Bruno Goncalo <
brunogoncalo.nazare@ext.europarl.europa.eu> wrote:

> Dear Web Security IG,
>
> I'm currently working for the European Parliament, looking for upcoming
> solutions to the problem of creating digital signatures with a smartcard
> directly from a web page, without resorting to additional software.
>
> Thus, I would like to ask if there are any efforts currently underway to
> support this use case or if any will be undertaken in the foreseeable
> future.
>
> I'm aware of the following initiatives that could be somewhat related:
>  - WebCrypto Key Discovery (https://www.w3.org/TR/webcrypto-key-discovery/
> )
>  - Web API For Accessing Secure Element (http://globalplatform.github.
> io/WebApis-for-SE/doc/)
>  - Hardware Based Secure Services features (https://rawgit.com/w3c/
> websec/gh-pages/hbss.html)
>
> Have these been considered already? If so, what's the current sentiment
> surrounding them? If not, are there any plans to analyse these or similar
> solutions in the foreseeable future?
>
>
> Best Regards,
> Bruno GONÇALVES
> Functional Analyst External Provider
>
> European Parliament
> Directorate-General for Innovation and Technological Support
> Directorate for Development and Support
> Evolution and Maintenance Unit
> brunogoncalo.nazare@ext.europarl.europa.eu
> www.europarl.europa.eu
>
>
>
> Ce message contient des informations confidentielles à l'intention
> exclusive du destinataire. Il ne peut être utilisé, divulgué ou copié de
> quelconque façon que ce soit par une personne autre que le destinataire
> désigné. Si vous n'êtes pas le destinataire désigné, merci de contacter
> l'expéditeur et d'effacer ce message. L'expéditeur de ce message n'est pas
> mandaté à représenter le Parlement européen. Dès lors, ce message ne
> constitue pas nécessairement le point de vue officiel du Parlement
> européen, ni un engagement juridique opposable à ce dernier.
> This message contains confidential information intended solely for the
> attention of the named addressee. It may not be used, disclosed or copied
> in any way whatsoever by anyone else than the intended addressee. If you
> are not the intended addressee, please contact the sender and delete this
> message. The sender of this message is not authorized to represent the
> European Parliament and therefore this message does not necessarily reflect
> the official position of the European Parliament and is not legally binding
> upon it.
>
>
>
>


-- 
Tony Arcieri

Received on Wednesday, 7 March 2018 23:39:04 UTC