- From: Mountie Lee <mountie@paygate.net>
- Date: Tue, 2 Apr 2013 23:13:33 +0900
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Received on Tuesday, 2 April 2013 14:14:33 UTC
we have to be careful creating any new UI and related specifications. it has serious and many issues - languages - encodings - web accessibility for disabilities - security policies (control of password or account lockout policy) - availabilities for CSS style I can not say yes for your approach without above considerations. On Tue, Apr 2, 2013 at 8:10 PM, Anders Rundgren <anders.rundgren@telia.com>wrote: > Since an issuer of a key has (if I didn't got it all wrong...) full > "usage" access to a key it has issued including signing whatever it wants > there are obviously some trust isolation limits of the Web Crypto API. > Note: I don't see that as a big problem. > > Anyway, in such a context it wouldn't be completely wrong adding something > like a "setPIN (value, retries)" method to a key which for subsequent uses > of the key would require the user providing a matching PIN. > > The policy of the PIN would be defined in a traditional web-process. > > Anders > > > > > > > > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Tuesday, 2 April 2013 14:14:33 UTC