Re: draft for certificate management from Anders Rundgren on 2013-03-04 (public-webcrypto-comments@w3.org from March 2013)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Mon, 04 Mar 2013 14:56:14 +0100
To: Aymeric Vitte <vitteaymeric@gmail.com>
CC: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>, Mountie Lee <mountie.lee@mw2.or.kr>, public-webcrypto-comments@w3.org
Message-ID: <5134A7FE.7070302@telia.com>
I'm also interested but I'm at the same time rather unconvinced that the current Web Crypto
trust and security model actually is useful for traditional pre-provisioned keys/certificates.

IMHO, new security architectures like the one powering the Google Wallet indicates that there _may_
be other ways of achieving a from security, trust, privacy, and usability point-of-view more
reasonable scheme, than by exposing platform-wide NSS, PKCS #11, CryptoAPI, etc. subsystems
to arbitrary web-access.  The latter were designed in another time and for another purpose.

Unfortunately (_if_ my findings are correct...), that would put the WG on a pretty difficult
path. In addition, a new security architecture would most likely also be incompatible with
already issued credentials and tokens, so I guess that it might be a better idea taking on
work-items that doesn't have any implications on the platform underpinnings like a
High Level API (which I'm personally not particularly interested in).

Anders

On 2013-03-04 12:02, Aymeric Vitte wrote:
> Me too, as well as working on TLS and exposing certificates specs.
> 
> Maybe take a look here : https://github.com/Ayms/abstract-tls which is an adaptation of https://github.com/digitalbazaar/forge that I am currently modifying and integrating, this could be helpfull to start building the certificates and TLS models (still easier to start from something working and well documented like forge with interesting concepts like the abstract notions, and to modify it than starting from scratch).
> 
> Regards,
> 
> Aymeric
> 
> 
> Le 04/03/2013 08:44, Nick Van den Bleeken a écrit :
>> Mountie,
>>
>> That's good news. We are also interested in an API that allows us to retrieve the certificate and its certificate chain of pre-provisioned cryptographic keys. 
>>
>> If I can help in any way, please let me know (review early documents, do some early prototyping, …).
>>  
>> Kind regards,
>>
>> Nick Van den Bleeken
>>
>> On 04 Mar 2013, at 03:10, Mountie Lee <mountie.lee@mw2.or.kr <mailto:mountie.lee@mw2.or.kr>>
>>  wrote:
>>
>>> Hi.
>>>
>>> currently certificate related issues are belong to secondary features of API and becoming pending.
>>>
>>> but the editor has more focus on primary feature and high level API.
>>>
>>> let me contribute a draft for certificate management that will be different document and can be reviewed by WG members later.
>>>
>>> still some WG members want features of certificate.
>>>
>>> the milestones and schedules are not yet prepared.
>>> after discussing with more participants, I will inform to WG again.
>>>
>>> regards
>>>
>>> -- 
>>> Mountie Lee
>>>
>>> PayGate
>>> CTO, CISSP
>>> Tel : +82 2 2140 2700
>>> E-Mail : mountie@paygate.net <mailto:mountie@paygate.net>
>>> =======================================
>>> PayGate Inc.
>>> THE STANDARD FOR ONLINE PAYMENT
>>> for Korea, Japan, China, and the World
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Inventive Designers' Email Disclaimer:
>> http://www.inventivedesigners.com/email-disclaimer
> 
> -- 
> jCore
> Email :  avitte@jcore.fr
> iAnonym : http://www.ianonym.com
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
> Web :    www.jcore.fr
> Webble : www.webble.it
> Extract Widget Mobile : www.extractwidget.com
> BlimpMe! : www.blimpme.com
>
Received on Monday, 4 March 2013 13:56:50 UTC