On 2014-11-09 18:02, Zijyfe Duufop wrote:
your claim about innovation is irrelevant because either one of the
> platform vendors will be available for developers or they will use > other means of implementation.
Now we know your solution to the problem I first mentioned. I.e. signed web apps. My hesitation with this is why would you build such a thing for Android or iOS that have much richer native environments?
Remember, there is no perfect solution to any problem
I know, but smart cards were never designed for the web. Anders
On Sun, Nov 9, 2014 at 11:56 AM, Anders Rundgren <anders.rundgren....@gmail.com <mailto:anders.rundgren....@gmail.com>> wrote: This somewhat [thought]provoking subject-line has a simple explanation: There is still no specification in spite of the topic being on the radar since years back. It doesn't appear possible creating such a specification as well: Imagine calling a method that does something like P11's C_Sign, what's supposed to happen? A browser-initiated dialog box saying: This application wants key XYZ to sign something but I don't know why and what, do you agree? Would installed and signed web applications help here? No, it would not because there is no obvious signer of such modules except the platform vendors which would severely impede innovation. Leaving the trust-decision to the user is not an option either, it would only open a floodgate to key miss-using malware. Anders
