Re: UseCase : Strong Personal Identity Certificate by CA from Mountie Lee on 2012-08-13 (public-webcrypto-comments@w3.org from August 2012)

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Mon, 13 Aug 2012 17:08:59 +0900
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: public-webcrypto-comments@w3.org
Message-ID: <CAE-+aY+H=dJyRZ9BjLO+FrqUXVd+c+C8j11_kCtL2E67HrKpng@mail.gmail.com>

Hi.
I meant
CA can issue personal certificate ONCE with strong identity validation.
I did not though two factor authentication or others PER USE.

I can search http://www.symantec.com/verisign/digital-id
but the cert is not enough to trust the personal identity.

just I expect the new ca service like "Digital ID with Extended Validation"
as use case.
because of web crypto API.

best regards
mountie.


On Mon, Aug 13, 2012 at 4:35 PM, Anders Rundgren
<anders.rundgren@telia.com>wrote:

> On 2012-08-13 07:46, Mountie Lee wrote:
> > I think following use case can be considered.
> >
> > CA issues strong personal identity certificates.
> > it can be equivalent level to EVSSL on server side.
> >
> > current personal certificate issued by CA is just checking email
> validity.
> >
> > if web crypto API is widely accepted in major user agents
> > certificate in user agents will have more functionality by using API.
> >
> > as a CA, they can consider to issue new type of certificate with strong
> personal identity validation.
>
> Hi Mountie,
>
> Certificate provisioning is AFAIK outside of WebCrypto scope.
>
> Banks and government agencies in the EU currently deploy their own
> software for provisioning since none of the user agents out there support
> provisioning of two-factor (key + PIN) authentication tokens [1].
>
> Well, this wasn't entirely correct.  When there is a *business incentive*
> to support provisioning of two-factor tokens, it is (of course) honored:
>
> http://googlecommerce.blogspot.co.uk/2012/08/use-any-credit-or-debit-card-with.html
>
> Regards,
> Anders
>
> 1] If you only need a client certificate and HTTPS you can use existing
> schemes like <keygen> and "CertEnroll".
>
> >
> > regards
> > mountie.
> >
> > =======================================
> > PayGate Inc.
> > THE STANDARD FOR ONLINE PAYMENT
> > for Korea, Japan, China, and the World
> >
> >
> >
> >
>
>
>

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Monday, 13 August 2012 08:10:00 UTC