On Thu, Jun 25, 2015 at 12:19 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
> Would it be possible to elaborate a bit on these "alternative" and "modern"
> systems?
>
https://fidoalliance.org/ is an example of a signature scheme designed for
the web security model. Any sort of signature scheme exposed to the web
should consider how that boundary is made.

> Regarding the "tremendously dangerous security model" what exactly would
> evilhacker be able to do with a signature it tricked the poor user into
> performing?
>
hermes-soft.com/signing might sign a document "I authorize $100 to be
transferred to hermes-soft"
evilhacker.example.com/phishing might sign a document "I authorize $1000 to
be transferred to evilhacker"
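
The difference between an origin-agnostic signer and an origin-bound one of the kind FIDO uses can be shown in a simplified model. This is an added example, not part of the original message and not FIDO's own code. It assumes HMAC as a stand-in for the authenticator's asymmetric signature (so it runs on the standard library alone), and the key, challenge value, function names and `https://` origins are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed key; HMAC stands in for the authenticator's asymmetric signature.
USER_KEY = b"constructed-demo-key"

def _sign(data: bytes) -> bytes:
    return hmac.new(USER_KEY, data, hashlib.sha256).digest()

def sign_unbound(document: str) -> bytes:
    """Origin-agnostic signer: signs whatever any page hands it."""
    return _sign(document.encode())

def verify_unbound(document: str, sig: bytes) -> bool:
    return hmac.compare_digest(sig, _sign(document.encode()))

def sign_bound(browser_origin: str, challenge: str, document: str):
    """The browser, not the page, writes the requesting origin into the signed data."""
    client_data = json.dumps(
        {"origin": browser_origin, "challenge": challenge, "document": document},
        sort_keys=True)
    return client_data, _sign(client_data.encode())

def verify_bound(expected_origin: str, expected_challenge: str,
                 client_data: str, sig: bytes) -> bool:
    """Accept only if the signature is valid AND was requested by our origin."""
    if not hmac.compare_digest(sig, _sign(client_data.encode())):
        return False  # client data was altered after signing
    fields = json.loads(client_data)
    return (fields["origin"] == expected_origin
            and fields["challenge"] == expected_challenge)

def demo():
    verifier_origin = "https://hermes-soft.com"
    challenge = "constructed-challenge-1"
    phish_doc = "I authorize $1000 to be transferred to evilhacker"
    good_doc = "I authorize $100 to be transferred to hermes-soft"
    # Unbound: nothing in the signature records which page asked for it.
    unbound_accepted = verify_unbound(phish_doc, sign_unbound(phish_doc))
    # Bound: the request made from the phishing page carries that page's origin.
    cd, sig = sign_bound("https://evilhacker.example.com", challenge, phish_doc)
    phish_accepted = verify_bound(verifier_origin, challenge, cd, sig)
    # Bound: a request made from the expected origin verifies.
    cd, sig = sign_bound(verifier_origin, challenge, good_doc)
    legit_accepted = verify_bound(verifier_origin, challenge, cd, sig)
    return unbound_accepted, phish_accepted, legit_accepted

if __name__ == "__main__":
    print(demo())
```
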