UseCase for B2C personal information exchange

Hi.

I have comments for
http://www.w3.org/2012/webcrypto/wiki/Use_Cases#B2C_personnal_information_exchange


as a Korean Citizen
I receive many encrypted mails from card company or banks.

the basic mechanism is as following.
the sender send mail with application download link and encrypted mail
attachment.
the user is able to decrypt the mail attachment after installing the
application via the link.
the passphrase is normally the last 7 digits of my personal SSN.

the sender forces user installing application to their WINDOWS PC.

I think we can not replace this case with web crypto implementations.

because

has conflict "same origin" policy of browser.
we can not make sure the email client has always web browsing capability
and the content is normally loaded from local file system.

has alternatives
the sender can invite user to their web site
and verify user identity.
then show sensitive message on the web.

so my comment is
remove those use case "B2C personnal message exchange"
(sorry Channy ^^!)

best regards
mountie.

-- 
Mountie Lee

Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Monday, 30 July 2012 05:05:02 UTC