From: Andreas S. (ML) <and...@ca...> - 2013-06-14 09:03:10

As the scheme is based on a piece of hardware it makes sense to trust the manufacturer to provide a genuine device. This way you know the key remains safe on the client side and is not some software-based / man-in-the-middle generated key pair. It's quite the same as what Anders does with the webpki attestation key and what we do with the device authentication key in the SmartCard-HSM. The key question is how this network of trusted suppliers will be built. Who will certify suppliers? Who operates a root CA that certifies suppliers? Will there be a security evaluation of the devices (like CC)?

Andreas

On 14.06.2013 10:54, Alon Bar-Lev wrote:
> Yes, at first read I thought there is nothing new, we can do this with
> existing smartcards...
>
> But then read:
> """
> Initial Signup: Site sends Javascript call to browser asking for
> public key for user. Browser finds activated U2F, asks it for public
> key to remember for user. U2F returns signed public key (signature is
> by U2F vendor). Site (optionally) verifies public key signature to
> ensure it's an accepted vendor and saves public key + attached blob
> (encrypted private key).
> """
>
> So it is a matter of trust, same as PKI... only that you are forced to
> trust the manufacturer... which is totally wrong.
>
> Initially I thought that each registration would create its own key
> pair... which could have been nice if the device has enough memory.
> Even a single key pair is OK if you would like to share it between
> services.
>
> Regards,
> Alon
>
> On Fri, Jun 14, 2013 at 11:41 AM, helpcrypto helpcrypto
> <hel...@gm...> wrote:
>> I love the big brother.
>>
>>
>> On Tue, Jun 11, 2013 at 6:59 PM, Anders Rundgren <and...@te...> wrote:
>>> https://sites.google.com/site/oauthgoog/gnubby
>>>
>>> I think it is actually good that I finally have a competitor!
>>>
>>> Smart Card middleware will be a thing of the past. Hooray!
>>>
>>> Anders
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by Windows:
>>>
>>> Build for Windows Store.
>>>
>>> http://p.sf.net/sfu/windows-dev2dev
>>> _______________________________________________
>>> Opensc-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/opensc-devel

--
---------    CardContact Software & System Consulting
|.##> <##.|   Andreas Schwier
|#       #|   Schülerweg 38
|#       #|   32429 Minden, Germany
|'##> <##'|   Phone +49 571 56149
---------    http://www.cardcontact.de
             http://www.tscons.de
             http://www.openscdp.org
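The signup flow quoted in the thread, and the trust decision Andreas is asking about, can be made concrete in a few dozen lines. The following Go program is an added illustration written for this page; it is not code from the thread, from the gnubby project, or from any U2F implementation. It assumes a constructed, simplified wire format (a raw PKIX-encoded device public key plus a vendor ECDSA signature over its SHA-256 digest) rather than the real U2F attestation certificate chain, and the names `Vendor`, `Attestation`, `RelyingParty` and `Signup` are the example's own. The relying party's whole trust model is the pinned list of vendor attestation keys: a key pair minted in software, or by an interposer between browser and device, carries no signature from a pinned vendor and is rejected at signup.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Attestation is what the device returns at "Initial Signup": the freshly
// generated per-registration public key and the vendor's signature over it.
// Constructed simplification of the format; real U2F ships a certificate.
type Attestation struct {
	DevicePub []byte // DER (PKIX) encoding of the device's new public key
	VendorSig []byte // ASN.1 DER ECDSA signature by the vendor key over SHA-256(DevicePub)
}

// Vendor stands in for the manufacturer's attestation key, which only genuine
// devices carry. Software emulators and man-in-the-middle key pairs lack it.
type Vendor struct{ key *ecdsa.PrivateKey }

func NewVendor() (*Vendor, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vendor{key: k}, nil
}

// Public is the attestation public key a relying party would pin as accepted.
func (v *Vendor) Public() *ecdsa.PublicKey { return &v.key.PublicKey }

// Register models the device side of signup: a new key pair per registration,
// with its public half attested. The private key never goes to the site.
func (v *Vendor) Register() (*ecdsa.PrivateKey, *Attestation, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&devKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(pubDER)
	sig, err := ecdsa.SignASN1(rand.Reader, v.key, digest[:])
	if err != nil {
		return nil, nil, err
	}
	return devKey, &Attestation{DevicePub: pubDER, VendorSig: sig}, nil
}

// ErrUntrustedVendor: no pinned vendor key verifies the attestation.
var ErrUntrustedVendor = errors.New("attestation not signed by a trusted vendor")

// RelyingParty is the site. Its trust reduces to trustedVendors; whoever
// curates that list is the "root CA that certifies suppliers" from the thread.
type RelyingParty struct {
	trustedVendors []*ecdsa.PublicKey
	users          map[string]*ecdsa.PublicKey // user -> registered device key
}

func NewRelyingParty(trusted ...*ecdsa.PublicKey) *RelyingParty {
	return &RelyingParty{trustedVendors: trusted, users: map[string]*ecdsa.PublicKey{}}
}

// Signup verifies the vendor signature before remembering the key for the user.
// Skipping this check would accept any software-generated key pair.
func (rp *RelyingParty) Signup(user string, att *Attestation) error {
	digest := sha256.Sum256(att.DevicePub)
	trusted := false
	for _, vk := range rp.trustedVendors {
		if ecdsa.VerifyASN1(vk, digest[:], att.VendorSig) {
			trusted = true
			break
		}
	}
	if !trusted {
		return ErrUntrustedVendor
	}
	pub, err := x509.ParsePKIXPublicKey(att.DevicePub)
	if err != nil {
		return err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("device key is not an ECDSA key")
	}
	rp.users[user] = ecPub
	return nil
}

// RegisteredKey returns the stored device key for a user, if any.
func (rp *RelyingParty) RegisteredKey(user string) (*ecdsa.PublicKey, bool) {
	k, ok := rp.users[user]
	return k, ok
}

func main() {
	genuine, _ := NewVendor()
	rp := NewRelyingParty(genuine.Public()) // site pins one accepted vendor
	_, att, _ := genuine.Register()
	fmt.Println("genuine device signup:", rp.Signup("alice", att))
	// A vendor the site never pinned models a software or interposer key pair.
	rogue, _ := NewVendor()
	_, rogueAtt, _ := rogue.Register()
	fmt.Println("unattested signup:", rp.Signup("mallory", rogueAtt))
}
```

Note what the check does and does not buy: it proves the registered key was attested by a vendor the site chose to trust, which is exactly why the questions of who certifies suppliers and who evaluates the devices matter, since a compromised or careless vendor key makes every attestation under it worthless.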