Pre-provisioned Key Storage/Discovery: Under-Researched

I don't think that a separate draft is the best approach for a next immediate step.

Pre-proviosioned keys is an entirely different ball-game than [the IMO slightly less interesting] origin-based dittos.

If the WG is serious about pre-provisioned keys you need to research the processes, as well as the security and privacy issues if the result is going to be generally useful.

BTW, if Netflix is the only WG party actively working with pre-provisioned keys it seems that the team is a little bit on the thin side.

No, I don't want to participate in this effort; I'm already walking along the same path as GlobalPlatform [*] which according to Ryan is at odds with the web security model (requires signed JS that runs unaffected by potentially malicious surrounding application code).

Oh well, **** the web security model :-)


also Featured in the Google Wallet, EMV cards, etc.

Received on Friday, 30 November 2012 21:08:37 UTC