On 11 August 2014 08:53, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html > > I hope to go (my position two papers were accepted) but I'm rather > uncertain > that the outcome actually will very clear since there are two fundamentally > different approaches: > - Evolution: Adopt the web-platform to existing smart cards etc > - Revolution: Create complete systems from scratch > > FIDO represents the latter. It doesn't build on smart card APDUs and > cannot run on top of standard crypto APIs like PKCS #11. > > Personally, I'm also into revolution since smart cards and PKCS #11 were > not designed to be invoked by arbitrary web-code which calls for entirely > new protection strategies like SOP. The only "traditional" technology > (IMO) worth preserving is PKI. + 1 Smart-card systems require non-standard niche hardware that itself must be secure/tamper proof. Not a sustainable answer in my opinion. Hardware is increasingly becoming a simple physical interaction point for the Web. If the hardware can't be produced so cheap as to become ubiquitous (USB dongles) it will struggle to become incorporated into that Web. > > Anders > >Received on Monday, 11 August 2014 08:43:02 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:33 UTC