- From: Mitar <mmitar@gmail.com>
- Date: Mon, 22 Feb 2016 22:26:50 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Tim Berners-Lee <timbl@w3.org>
Hi! On Mon, Feb 22, 2016 at 10:19 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > IMO, the core problem isn't really the diminishing support for the eID use > case in browsers (it was never that great anyway...), but the inability for third > parties extending the Web in a reasonable and interoperable way. But with web crypto, I think this position paper is really on point: https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/Using_the_W3C_WebCrypto_API_for_Document_Signing.html How hard it would be to add a way to ask a browser for client signing key? With exportable bit set to off. You would ask for that, browser would prompt to user to confirm it, user would confirm it, you would sign. Or we could have <keysignature> HTML from element which would just add a signature of the form body when submitting it to the server. And browser could ask the user if they want to sign this form with this content before submitting. Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m
Received on Tuesday, 23 February 2016 06:27:41 UTC