- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Wed, 24 Apr 2013 08:19:58 +0500
- To: noloader@gmail.com
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On 2013-04-24 07:41, Jeffrey Walton wrote: > On Tue, Apr 23, 2013 at 10:19 PM, Anders Rundgren > <anders.rundgren@telia.com> wrote: >> The problem in a nutshell is that the use-case for consumer-PKI only exists outside of the US while the platforms essentially are all of US origin. >> > What is consumer-PKI? A PKI that relies on a commercial CA? Or the > browser's use of commercial CAs and subordinates? Or perhaps a > application by a commercial company whose PKI uses its own private CA? Jeff, Your questions reveal that you are from the US :-) Consumer-PKI is essentially about replacing passwords with client certificates where the private key is often stored in hardware. A PKI can be as local as our 30-person company's or cover an entire nation. As an invited expert of TrustedComputingGroup I think I can say (without breaking the NDA...) that the two most well-known vendors in the PC-business, Microsoft and Intel have repeatedly rejected the idea that their new baby, the TPM 2.0 would support consumer-PKIs. They succeeded! Android? https://groups.google.com/forum/#!msg/android-security-discuss/6YrgoV_IuhA/j1ov3XBNI4gJ Can you possibly do worse? Anders > > PKI deployments are world wide. The details and profiles are designed > by committee in documents such as RFC 5280. > > The agenda for a commercial CA is pretty clear: maximize earnings, > minimize warranty, and shed liability through license agreements and > Certification Practice Statement (CPS). > > Jeff > >
Received on Wednesday, 24 April 2013 03:20:32 UTC