Hacker News new | past | comments | ask | show | jobs | submit login

APIs to access HSMs exist already, though – PKCS11 and friends. And HSMs are designed to deal with accesses questionable sources, so if you wanted to improve their accessibility with a HSM-specific standard, it'd be not much of a headache.

All other bazillion USB devices ever made are not designed to deal with security, and exposing them over the internet will blow up spectacularly.




All other bazillion USB devices ever made are not designed to deal with security, and exposing them over the internet will blow up spectacularly.

Which is why the devices have to announce they support WebUSB to be exposed to any web apps, and can even restrict their usage to specific domains.


> and can even restrict their usage to specific domains

Because there's no such thing as a XSS attack?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: