- From: Adrian Hope-Bailie <adrian@hopebailie.com>
- Date: Mon, 11 Aug 2014 10:42:33 +0200
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
Received on Monday, 11 August 2014 08:43:02 UTC
On 11 August 2014 08:53, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html
>
> I hope to go (my two position papers were accepted) but I'm rather uncertain
> that the outcome actually will be very clear since there are two fundamentally
> different approaches:
> - Evolution: Adopt the web-platform to existing smart cards etc
> - Revolution: Create complete systems from scratch
>
> FIDO represents the latter. It doesn't build on smart card APDUs and
> cannot run on top of standard crypto APIs like PKCS #11.
>
> Personally, I'm also into revolution since smart cards and PKCS #11 were
> not designed to be invoked by arbitrary web-code which calls for entirely
> new protection strategies like SOP. The only "traditional" technology
> (IMO) worth preserving is PKI.

+1

Smart-card systems require non-standard niche hardware that itself must be secure/tamper-proof. Not a sustainable answer in my opinion. Hardware is increasingly becoming a simple physical interaction point for the Web. If the hardware can't be produced so cheaply as to become ubiquitous (USB dongles), it will struggle to become incorporated into that Web.

>
> Anders