- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 26 Jun 2015 06:01:42 +0200
- To: Samuel Erdtman <samuel@erdtman.se>, Billy Simon Chaves <b.simon@hermes-soft.com>
- Cc: Mark Watson <watsonm@netflix.com>, Ryan Sleevi <sleevi@google.com>, Jeffrey Walton <noloader@gmail.com>, WebCrypto Comments <public-webcrypto-comments@w3.org>
Hi All, It is in this context worth noting that some countries have given up on client-side PKI for citizens and are nowadays rather targeting (and using) identity portals. Some of these portals can also sign on behalf of the user using a "client-side PKI in the cloud". Using identity portals, FIDO works fine. The mobile phone PKI mentioned by Samuel is (IMO) cooler than identity portals but suffers from being entirely proprietary and is also susceptible to phishing in the same way as OTP. Anyway, the concept of a traditional ID-card combined with some kind of "e-identity" doesn't look like winner. Even NIST have [finally] found out that and are pushing "derived credentials" as a more scalable solution. Anders
Received on Friday, 26 June 2015 04:02:12 UTC