Nelson B Bolyard wrote:
> This demonstrates that standardization is an option but an increasingly
> difficult option as well in an ever faster-moving world:
> http://www.w3.org/2009/06/xhtml-faq.html

>Does it?

>It appears to me that this is the standards body pruning the tree of
>html offshoots, recognizing a single standard for the "XML serialization
>of HTML".

That's correct.  But as I have understood it, HTML5 came from the "outside"
through WHATWG and effectively killed W3C's "internal" (X)HTML effort.

>Now, I seem to recall that one of your complaints about the
>world of crypto is the lack of standardization of methods (e.g. scripting)
>for certain functions.

Well, I primarily question the *huge* investments that are made by EU banks
and Governments for replacing or enhancing the client-side PKI implementation of
current browsers with proprietary stuff.  Technically they had no real option
though.

I had naively hoped that for example Mozilla would be interested in getting
some of this money in exchange for spearheading work in this space.  Having a
platform that runs on most computers makes Firefox an excellent "vehicle" for
such developments!

Unfortunately, in spite of big efforts (papers, conferences, and a gazillion of
e-mails), I have to date not found a single person within Microsoft or the
Mozilla community who is interested in the more architectural aspects of
secure on-line banking and e-government services for the web.

Anyway, I started in 2003 with the idea that I should try to standardize "web
signing" but I have swapped "standardization" for Open Source.  Lately I've
found a much more important area than signing and that is key provisioning and
management.  This is truly virgin territory!  The current work spans from soft
certificates in browsers, to hardware-protected keys in mobile phones.  In
addition, there is a new token architecture that by adding $1-$2 to the
list-price of a USB memory stick will enable consumers to have a mobile "key.db"
making their PIV/CAC/eID cards appear quite limited (like addressing 5% of your
Internet auth needs).

That for example Microsoft launched their pretty nice Information Card scheme
as running code + spec + support to Open Source and waited more than two
years with a formal OASIS TC is an indication that I'm not alone in believing
that introducing *radically new* things the old way has simply run out of gas.

Happy 4:th wishes
Anders Rundgren
Reasonably good engineer, lousy salesman

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
