W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

Re: Key Opacity/Identification Issue - Web Cryptography Charter Updated

From: Tom Ritter <tom@ritter.vg>
Date: Sun, 11 Dec 2011 18:37:10 -0500
Message-ID: <CA+cU71k2jRk5AoZFNi4aCth+_hKTLXi4hMZyQOt9viSypFvDiQ@mail.gmail.com>
To: public-identity@w3.org
So thinking about 5705, I'm wondering how useful it is after all.  TLS
key extraction via 5705 would enable, as an example, a web application
that encrypts something, sends it up via TLS, and the web application
decrypts it for processing locally.  It'd be encrypted inside of TLS
encryption, which I think really only gives an advantage if the TLS
session is negotiated using Diffe Hellman.  Otherwise someone with
access to the private key could decrypt both the TLS stream and the
5705-encrypted data.  And that generalizes from an encrypted blob to
anything.  5705 seems to decay to TLS unless DH is in play.  (Is that
accurate?  If not, then 2/3 of my critism is void.)

5705 would also require exposing the methods server-side, up through
the library (OpenSSL/SChannel/GNUTLS) and through the web server &
language package (mod_php/mod_python/wsgi/etc).  That's a lot of
moving parts.  I'm not opposed to it but it seems like a lot of work
for not a lot of gain.


>    The last one there also sounds reasonable. Not sure I get what
>    "operate on" might mean for the 2nd last one.

>    I'd like some details on the precise parameters to be exposed.

I'm going to expand on those bullet points in a seperate mail in the
Use Cases thread.

-tom
Received on Monday, 12 December 2011 12:32:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 12 December 2011 12:32:14 GMT