- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 02 Aug 2013 21:49:01 +0200
- To: public-webpayments@w3.org
Dear list, I'm a "seasoned" developer in the PKI field with specific interests in the consumer space. Ages ago I started with a thing I have seen debated in this and other list; the abysmal state of client-PKI support in browsers. Unfortunately I found that my scheme (as well as all its predecessors including HTML5's <keygen>) is INCOMPATIBLE with the emerging W3C WebCrypto standard! Since my firm belief is that there's little point equipping platforms with multiple and feature-wise entirely different key-store mechanisms, I have added (currently only on paper...) a twist to WebCrypto which bridges the "Old" and "New" world. An obvious application for this marriage (in heaven or hell?) are on-demand (transiently) downloaded, more or less arbitrary, payment-applications: http://webpki.org/papers/PKI/pki-webcrypto.pdf That dynamically loaded "Trusted Chrome" is bound to specific keys may seem odd but it gives payment-networks the ability to optimize the GUI for the actual protocol as well as supporting branding options. It may even spur some innovation in the payment sector since the scheme doesn't restrict protocols; both POS-style and 3D Secure-like concepts should be fully implementable. Comments? Thanx, Anders Rundgren
Received on Sunday, 4 August 2013 11:53:07 UTC