Re: W3C WebCrypto.Next Conference

On 11 August 2014 08:53, Anders Rundgren <>

> I hope to go (my position two papers were accepted) but I'm rather
> uncertain
> that the outcome actually will very clear since there are two fundamentally
> different approaches:
> - Evolution: Adopt the web-platform to existing smart cards etc
> - Revolution: Create complete systems from scratch
> FIDO represents the latter.   It doesn't build on smart card APDUs and
> cannot run on top of standard crypto APIs like PKCS #11.
> Personally, I'm also into revolution since smart cards and PKCS #11 were
> not designed to be invoked by arbitrary web-code which calls for entirely
> new protection strategies like SOP.  The only "traditional" technology
> (IMO) worth preserving is PKI.

+ 1

Smart-card systems require non-standard niche hardware that itself must be
secure/tamper proof.
Not a sustainable answer in my opinion. Hardware is increasingly becoming a
simple physical interaction point for the Web.
If the hardware can't be produced so cheap as to become ubiquitous (USB
dongles) it will struggle to become incorporated into that Web.

> Anders

Received on Monday, 11 August 2014 08:43:02 UTC