- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 23 Oct 2013 08:02:39 +0200
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Mountie Lee <mountie@paygate.net>
Hi Mountie, I saw this posting of yours: http://lists.w3.org/Archives/Public/public-webcrypto/2013Oct/0031.html Since we both will go to the TPAC we could talk about this (outside of the meeting). Anyway, this question has popped up several times before and it has always been turned down. AFAICT, there are two distinct use-cases here: - Creation of keys and certificates - Usage of keys and certificates Asking for explicit support for Smart cards, PKCS #11, NSS etc. in WebCrypto for *creating* keys is requesting something that the browser-vendors do not even have in their existing products (in a way that make sense for consumers NB), making this requirement very difficult to cope with. The only serious work in this space I'm aware of is Google's U2F which I believe addresses most (if not all) of your concerns: http://fidoalliance.org However, *using* keys and certificates featured in smart cards or in the browser/platform keystore seems technically possible but not without additions to the specification. My competitor/college Samuel Erdman proposed such a scheme a long time ago. It is a bit of a "hack" but OTOH waiting for the "perfect solution" is largely contra-productive; we need something in between. Unfortunately none of the browser-vendors have expressed any sympathy for an "interim solution" for us poor souls working with legacy applications. Anders
Received on Wednesday, 23 October 2013 06:03:12 UTC