- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 21 Dec 2012 06:33:47 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>

Adding certificate enrollment to the Web Crypto API is trivial; a certificate is just an attribute.

Although my knowledge of IndexedDB is sort of limited ( https://developer.mozilla.org/en-US/docs/IndexedDB/Basic_Concepts_Behind_IndexedDB ) it seems (please don't kill me if I'm wrong...) that you could store a certificate in an "associated" table without even touching the Web Crypto API.

That is, to achieve the level of functionality offered by <keygen> and friends you are probably already there :-)

I don't see that CMC, CMP, SCEP, EST or anything of that kind would add anything interesting to the plot since these schemes do not support an end-to-end security provisioning concept.

However, for the thorny subject known as "Banking Transactions" certificate enrollment is not enough; you rather need a token management scheme like SCPnn used in Google's Wallet. Gemalto have proposed a webbified version of this in W3C:
http://lists.w3.org/Archives/Public/public-sysapps/2012Jun/0058.html

The problem (as I see it...) is that there's no defined "bridge" between the Web Crypto API and *real* banking technology such as featured in the Google Wallet.

Anders

Received on Friday, 21 December 2012 05:34:25 UTC