Re: Certificate Management Protocol with RFC4210

On 2013-03-26 14:35, Mountie Lee wrote:
> SecureToken is optional.
> initial PIN is set by vendor and users have control.

This is where the discussion goes wrong.  Security Elements are a standard
feature in Windows RT as well as in most newer Android phones.

Why would W3C bother with a protocol like CMP (or EST like Richard Barnes suggested)
which weren't designed for Security Element provisioning?

Or put another way: What do you seek that W3C's <keygen> doesn't already have?

Regards,
Anders

> 
> service providers have no control over it.
>
> On Tue, Mar 26, 2013 at 10:20 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:
> 
>     On 2013-03-26 14:07, Mountie Lee wrote:
>     > PIN is used to access secure token storing the certificate and private key
>     > secure token is accessed via PKCS#11 interface.
>     >
>     > the other parts (servers and services) are based on RFC4210 (previously RFC2510)
> 
>     Mountie,
> 
>     But how do you set the initial PIN?
> 
>     Regards
>     Anders
> 
> 
>     >
>     > regards
>     > mountie.
>     >
>     >
>     > On Tue, Mar 26, 2013 at 6:13 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:
>     >
>     >     http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0122.html
>     >
>     >     Doesn't the Korean NPKI use PIN-codes (two-factor authentication)?
>     >
>     >     If so I don't understand how they deal with those using CMP since no PKIX-protocols support this basic functionality.
>     >     If they on the other hand don't use PIN-codes they are running a very unusual NPKI.
>     >
>     >     Anders
>     >
>     > --
>     > Mountie Lee
>     >
>     > PayGate
>     > CTO, CISSP
>     > Tel : +82 2 2140 2700
>     > E-Mail : mountie@paygate.net
>     >
>     > =======================================
>     > PayGate Inc.
>     > THE STANDARD FOR ONLINE PAYMENT
>     > for Korea, Japan, China, and the World
>

Received on Tuesday, 26 March 2013 13:57:25 UTC