- From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
- Date: Mon, 13 Aug 2012 17:07:38 +0200
- To: Mountie Lee <mountie.lee@mw2.or.kr>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Anders Rundgren <anders.rundgren@telia.com>
- Message-ID: <076ED1F6CB375B4BB5CAE7873691360703902AD824D5@CROEXCFWP04.gemalto.com>
Mountie,

Following your different exchanges over the public comment mailing with Anders, I think that it is important to mention that, being a Web Crypto WG member, you should be able to use the public-webcrypto@w3.org mailing list to interface with the Working Group on which only participants can send mails.

Note that, FYI, Anders is not a participant of the Web Crypto WG - but monitoring accurately our activities. His view reflects his view and not necessarily the WG one.

Regards,
Virginie
Gemalto
Chair of the Web Crypto WG

Ps : thanks Anders for sharing your thoughts on the different topics and keeping this public comment mailing list so 'lively' ;-)

From: mountie@paygate.net [mailto:mountie@paygate.net] On Behalf Of Mountie Lee
Sent: lundi 13 août 2012 11:23
To: Anders Rundgren
Cc: public-webcrypto-comments@w3.org
Subject: Re: UseCase : Strong Personal Identity Certificate by CA

Hi.
I'm not requesting more functions.
it is the recommendation for adding use case.

regards
mountie.

On Mon, Aug 13, 2012 at 5:40 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:

On 2012-08-13 10:08, Mountie Lee wrote:
> Hi.
> I meant
> CA can issue personal certificate ONCE with strong identity validation.
> I did not though two factor authentication or others PER USE.
>
> I can search http://www.symantec.com/verisign/digital-id
> but the cert is not enough to trust the personal identity.
>
> just I expect the new ca service like "Digital ID with Extended Validation" as use case.
> because of web crypto API.

Hi Mountie,
I'm not sure what function you are requesting.

Extended Validation is a CA policy for server certificates that are supposed to be "automatically" highly trusted by user agents. It is not possible to translate this to client certificates because the relying party is not your platform/user agent/web browser/etc.
It is another system.

I don't think that even the concept of trusted personal identity is generally acknowledged. This tends to be rather local, national or community-based.

I have a company certificate. It is trusted within the company since it was internally issued using an approved process. However, outside of the company it is unknown (non-trusted).

Best regards,
Anders

>
> best regards
> mountie.
>
>
> On Mon, Aug 13, 2012 at 4:35 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:
>
> On 2012-08-13 07:46, Mountie Lee wrote:
> > I think following use case can be considered.
> >
> > CA issues strong personal identity certificates.
> > it can be equivalent level to EVSSL on server side.
> >
> > current personal certificate issued by CA is just checking email validity.
> >
> > if web crypto API is widely accepted in major user agents
> > certificate in user agents will have more functionality by using API.
> >
> > as a CA, they can consider to issue new type of certificate with strong personal identity validation.
>
> Hi Mountie,
>
> Certificate provisioning is AFAIK outside of WebCrypto scope.
>
> Banks and government agencies in the EU currently deploy their own software for provisioning since none of the user agents out there support provisioning of two-factor (key + PIN) authentication tokens [1].
>
> Well, this wasn't entirely correct. When there is a *business incentive* to support provisioning of two-factor tokens, it is (of course) honored:
> http://googlecommerce.blogspot.co.uk/2012/08/use-any-credit-or-debit-card-with.html
>
> Regards,
> Anders
>
> 1] If you only need a client certificate and HTTPS you can use existing schemes like <keygen> and "CertEnroll".
>
> > regards
> > mountie.
> >
> > =======================================
> > PayGate Inc.
> > THE STANDARD FOR ONLINE PAYMENT
> > for Korea, Japan, China, and the World
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Monday, 13 August 2012 15:08:14 UTC