- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 05 Dec 2014 18:16:29 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, public-webpayments@w3.org
On 2014-12-05 17:38, Manu Sporny wrote:
<snip>
>
> What Anders is pushing for is a device (like FIDO's U2F devices only w/o
> the Same Origin Policy (SOP)) that you can use on any website to
> digitally sign something (after typing in a PIN on the device to
> complete the signature).

This is what Microsoft suggests:
https://www.w3.org/2012/webcrypto/wiki/images/d/dd/CertAndKey_Management_Requirements_for_WebCrypto_microsoft.pdf

Although the details are still very sketchy I don't see this as a viable solution, it looks like an orgy in security-GUIs, something which has a proven track-record to go wrong.

> Typically, Secure Elements have been used for
> this sort of activity. WebCrypto has no support for this right now,
> although they're trying to figure out a way to make this happen at W3C.
> Virginie Galindo, the chair of the WebCrypto group and Gemalto employee
> (they make/sell Secure Elements), just presented to the Web
> Payments IG User Payment Agent Task Force about this an hour ago.

Hasn't the payment-card industry already had like 15 years figuring out how this should work?

So what "Anders is pushing for" is something which *does not* directly expose keys (or other sensitive stuff) to "alien" sites:
http://lists.w3.org/Archives/Public/public-sysapps/2014Nov/0006.html

Is this feasible? I don't know for sure, I just thought that if an application installed locally is trusted to do certain things the same application (or a subset of it) ought to be [automatically] trusted even if supplied as a part of an untrusted piece of code provided that the platform can:

1) verify that the trusted code is authentic
2) protect the trusted code from intrusion by the untrusted code

That is, the model for interaction is the crucial thing.

Anders

>
> -- manu
>
Received on Friday, 5 December 2014 17:16:59 UTC