It sounds like WebCrypto or something more related to it. http://www.w3.org/2012/webcrypto/ <http://www.w3.org/2012/webcrypto/>
> On Mar 19, 2015, at 3:05 PM, Jim Schaad <[email protected]> wrote: > > To me this sounds more like a W3C activity than an IETF activity. > > Jim > > > From: jose [mailto:[email protected]] On Behalf Of Anders Rundgren > Sent: Wednesday, March 18, 2015 10:41 PM > To: [email protected] > Subject: [jose] Charter Proposal: "Trusted Code" for the Web > > Trusted Code for the Web > > Existing security-related applications like authentication, payments, etc. > are all based on that a core-part is executed by statically installed > software that is supposed to be TRUSTED. > > Since web-based applications are transiently downloaded, unsigned and come > from any number of more or less unknown sources, such applications are by > definition UNTRUSTED. > > To compensate for this, web-based security applications currently rely on a > hodge-podge of non-standard methods [1] where trusted code resides (and > executes) somewhere outside of the actual web application. > > However, because each browser-vendor have their own idea on what is secure > and useful [2], interoperability has proven to be a major hassle. In > addition, the ongoing quest for locking down browsers (in order to make them > more secure), tends to break applications after browser updates. > > Although security applications are interesting, they haven't proved to be a > driver. Fortunately it has turned out that the desired capability ("Trusted > Code"), is also used by massively popular music streaming services, > cloud-based storage systems, on-line gaming sites and open source > collaboration networks. > > The goal for the proposed effort would be to define a vendor- and > device-neutral solution for dealing with trusted code on the Web. > > > References > > 1] An non-exhaustive list include: > - Custom protocol handlers. Primarily used on Android and iOS. GitHub also > uses it on Windows > - Local web services on 127.0.0.1. Used by lots of services, from Spotify to > digital signatures > - Browser plugins like NPAPI/ActiveX. Used (for example) by millions of > people in Korea for PKI support but is now being deprecated > - Chrome native messaging. Fairly recent solution which enables Native <=> > Web communication > > 2] https://code.google.com/p/chromium/issues/detail?id=378566 > <https://code.google.com/p/chromium/issues/detail?id=378566> > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
