- From: Jeffrey Walton <noloader@gmail.com>
- Date: Sun, 21 Apr 2013 23:12:52 -0400
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>

On Sun, Apr 21, 2013 at 10:52 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:
> https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/tip/Overview.html#banking
>
> I'm probably just dumb but I don't see much point in signature verification where the
> _signer_ provides both the verification code and the reference to the public key, do you?

It depends on the threat(s) and possible security diversification techniques being used. If it's a purely browser based app (not side loaded or app store loaded), then there's not a lot that can be done due to browser [platform] limitations.

"...Jae-sang is also presented with a user guide that explains..." - this portion is completely broken because user education does not work in practice (unless folks in Korea respond differently than the rest of the population). See Gutmann's 'Engineering Security' (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf), Chapter 2 (Psychology).

Jeff

Received on Monday, 22 April 2013 03:13:19 UTC