- From: Arun Ranganathan <arun@mozilla.com>
- Date: Tue, 16 Jul 2013 12:39:32 -0400
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
I'll be the first to admit that I gleaned what I could from the use cases wiki (http://www.w3.org/2012/webcrypto/wiki/Use_Cases#Financial_transactions:_online_banking), notably from the section on online baknking, and from various emails on this listserv, and attempted to "reimagine them" using the features we're exposing with the WebCrypto API. Of course, this doesn't include some substantial requests, particularly for TLS stuff, and for key store. If experts agree that it isn't the right use case to solve for, I'm amenable to striking it. -- A* On Jul 16, 2013, at 12:57 AM, Anders Rundgren wrote: > Pardon me for bringing up the banking use-case again but I don't think WebCrypto in > its current shape will get much interest from banks. They are picky about things like > key protection and that is essentially undefined. > > Google's Gnubby seems like a much stronger candidate for bank applications: > https://sites.google.com/site/oauthgoog/gnubby > > If banks want to use public key cryptography they can actually do that using the > existing PKI support in browsers. Few do and rather build their own client software > more or less from scratch. > > This reminds me of the conceptually brilliant but failed Information Card scheme which > Microsoft tried to launch on top of a platform which was (and to my knowledge still is) > unsuited for large-scale deployment of public-key based authentication systems. > > Anders >
Received on Tuesday, 16 July 2013 16:40:27 UTC