2009/3/22 Channy Yun <[email protected]>: > Dear Webapps W/G members, > > This is Channy Yun, one of web standards evangelists in Korea. I'm so glad to > introduce myself in this working group. I want to get advice from you about > as following my issue. Please don't hesitate to write your thought. > > Motivation > As someone knows, Korea's browser monoculture has prevented tech innovations > and user's choice [1]. It was caused by wrong implementation of digital > signature by Korean govenment's the law and national PKI system. Its > technique has been based on browser plugin as like Active X and Java applet, > so it also made many security problems on user's PC. Nowadays 15 million > personal certificates were issued and they are used in e-banking, trading and > governmental sites to valid user and transaction in Korea. >
rght > Similarly some of European countries also had national PKI system including > Denmark [2], Spain and etc. Denmark's system was opensourced [3], but it is > also based on browser plugins. It were dominated by VeriSign most of > commercial market as like private CA service with issuing personal > certificate and transaction with digital signature. > right > Many countries want to national CA and offer their service to citizen with > assurance by law[4]. So I thought it needed browser-based web signing model > by bad example of Korea. > right > History > I and some people suggested this issue to WHATWG because it was solved by > browser vendors. Anders Rundgren also did own model of WASP - signing data in > browser sessions[5] and I did adding digital signature in <form> processing > in HTML5. > right > As following is history of this issue. > > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2006-September/thread.html#7246 > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2006-October/thread.html#7573 > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2006-November/thread.html#7592 > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-July/015513.html > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-July/thread.html#15522 > http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2009-March/thread.html#18919 > > Ian recommended us to continue this discussion in Webapps W/G[6]. Andres also > has tried another effort to solve issue[7]. > can you please send us a better summary. > Rebuilding of Web Signing Profile > Maybe this long history was recognized by leading people of this group. I > don’t convince whether the activity of web signing profile was made by this > purpose or not. But, it seems to integrate with Widget’s digital signature > and there is no action further. > I dont understand. can you please make your comments against the current editor's draft of our spec? > As you know, the technology situation was very changed in time raising this > issue. Ajax was born and there are many web applications based on open > standards and Web APIs. > ok > So I want for you to consider this issue in this working group with new > baseline and for to browser vendors to join this issue quickly before many > countries commit a fault as like Korea. Brower’s functions as like > crypto.signText or IE’s CAPICOM dll were deprecated in right now. So it is > essential making new standard and implementation them. > I'm not sure what you wan us to do. > > Reference > ------ > [1] http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s > [2] http://www.virk.dk/digital_signatur > [3] http://www.openoces.org/index.html > [4] https://wiki.mozilla.org/CA:Schedule > [5] http://webpki.org/ > [6] http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2009-March/018935.html > [7] https://informationcard.net/wiki/index.php/Browser_Integration_WG > > > Channy > --------------------- > http://www.linkedin.com/in/channy > http://www.creation.net > > Daum Developers Network & Affiliates > http://dna.daum.net > -- Marcos Caceres http://datadriven.com.au
