W3C home > Mailing lists > Public > public-webpayments@w3.org > July 2014

Re: The TPM is dead, long live the TEE!

From: Joseph Potvin <jpotvin@opman.ca>
Date: Wed, 23 Jul 2014 08:04:19 -0400
Message-ID: <CAKcXiSr_p1cPGFQHM8yXyDyiCZcWLiBePXfTbwfed==kP3BG5Q@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>
RE: "Visa, Mastercard, PayPal, Bitcoin, Ripple, etc. to all be listed as
payment options by the merchant and selected freely by the customer"

+0.8

For refinement & clarification (I hope), these brands represent
different "media-of-exchange" types, two being branded "credit card
systems", one a branded "block chain system", one a branded "automated
clearing house (ACH)" system.

The Bitcoin and Ripple communities have been using terms in ways that
conflate unit of account and medium of exchange.  For example it does
not make sense that we can say both:  "Visa, Mastercard, PayPal,
Bitcoin, Ripple"  and  "USD, EUR, BTC, XRP"

In the interest of disambiguation, I would suggest saying:
"Visa, Mastercard, PayPal, Bitcoin System, Ripple System" with
reference to the media of exchange
"USD, EUR, BTC, XRP" with reference to the units of account

-- 
Joseph Potvin
Operations Manager | Gestionnaire des opérations
The Opman Company | La compagnie Opman
jpotvin@opman.ca
Mobile: 819-593-5983

On Tue, Jul 22, 2014 at 9:54 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> On 07/13/2014 12:33 AM, Anders Rundgren wrote:
>> How come the competition didn't buy into the TPM?
>>
>> TPMs are based on a "one-size-fits-all" security API philosophy.
>> Since Intel relies on external vendors supplying TPM-components this
>> (IMHO fairly unwieldy) API must also be standardized which makes the
>> process updating TPMs extremely slow and costly.
>>
>> TEEs OTOH can be fitted at any time with application-specific
>> security APIs which both can be standardized or entirely proprietary.
>> In fact, even third-parties can create new security APIs using
>> GlobalPlatform's TEE!
>
> Hey Anders,
>
> Could you elaborate a bit more on how we could apply this approach to
> the Web Payments initiative? The part that I don't understand is that if
> you allow entirely proprietary APIs into the mix, how do you achieve
> interoperability? Does it not matter at that level?
>
> To bring this more in line w/ what we're doing. We hope that the payment
> initiation mechanism that we end up standardizing is going to allow
> Visa, Mastercard, PayPal, Bitcoin, Ripple, etc. to all be listed as
> payment options by the merchant and selected freely by the customer
> depending on which payment mechanism they want to use. Is this an
> example of the approach that you're suggesting?
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>
Received on Wednesday, 23 July 2014 12:05:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:32 UTC