- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 07 Oct 2013 19:43:38 +0200
- To: Web Payments CG <public-webpayments@w3.org>, Kingsley Idehen <kidehen@openlinksw.com>
Kingsley Idehen <kidehen@openlinksw.com> wrote: > On 10/6/13 4:02 PM, Anders Rundgren wrote: > > Exactly. > > > > And browser's were not designed for performing secure transactions either. > > > > That is, there is no foundation for payment standards in this space > > unless you have some 10 years or so to spend. > > Browsers are poor tools for any kind of secure interaction with > protected data. Even when they implement PKI, they ultimately get the > UX/UI wrong. That said, and this is really important to understand, they > are but one type of HTTP user agent. As the mobile space demonstrates, a > Web Browser doesn't have totally own how end-users interact with HTTP > accessible resources. > > Thus, we don't need to wait 10 years to fix this problem. The standards > being discussed and shaped on this list will go a long way towards > fixing this problem i.e., decoupling the solution from a specific type > of HTTP user agent :-) Apparently yes because the banks in Sweden are now rewriting their PKI-client for n:th time, this time ignoring the browser altogether. Since Mozilla's <keygen> was created 1995/6, improvements in this space takes even more than 10 years to accomplish :-( Anders
Received on Monday, 7 October 2013 17:44:11 UTC