- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 08 Jul 2013 20:36:44 +0200
- To: Arun Ranganathan <aranganathan@mozilla.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Hi Arun, I read your response to Sangrae Cho regarding the use of BrowserID as the Korean solution: http://lists.w3.org/Archives/Public/public-webcrypto/2013Jul/0011.html There's nothing wrong with BrowserID but it is probably not compliant to banks' requirements since it does neither address PIN-codes nor secure storage. IMO this is valid for the entire Web Crypto API scheme. A related issue which has not been commented on is that the Web Crypto specification effectively "disintegrates" a platform with respect to key storage. Immediately after (probably even before) Web Crypto passes through standardization, a frenzy of (all incompatible) schemes will emerge with the goal of restoring the platform again. regards Anders
Received on Monday, 8 July 2013 18:37:18 UTC