Re: Was: Draft Blog Post on Cryptography API, Now: Potential API recommendation caveats from Anders Rundgren on 2012-10-09 (public-webcrypto-comments@w3.org from October 2012)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Tue, 09 Oct 2012 08:32:22 +0200
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Mountie Lee <mountie.lee@gmail.com>
Message-ID: <5073C4F6.6010309@telia.com>

http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0042.html

As I have explained there is also another solution which doesn't require the user to trust unknowns issuer or having the browser give carte-blanche trust to anybody having purchased a VeriSign code-certificate is to rather let issuers of keys decide which applications they trust through a signature:

http://webpki.org/papers/PKI/pki-webcrypto.pdf

Anders

Received on Tuesday, 9 October 2012 06:33:03 UTC