W3C home > Mailing lists > Public > public-identity@w3.org > September 2011

Re: Javascript Cryptography Considered Harmful

From: John Kemp <john@jkemp.net>
Date: Thu, 22 Sep 2011 11:43:23 -0400
Cc: David Dahl <ddahl@mozilla.com>, Henry Story <henry.story@bblfish.net>, public-identity@w3.org
Message-Id: <C389C390-8010-496B-8B8D-B49E38BC02D5@jkemp.net>
To: Dave Raggett <dsr@w3.org>
On Sep 22, 2011, at 4:44 AM, Dave Raggett wrote:

> On 22/09/11 03:33, John Kemp wrote:
>> I think the gist of the Matasano blog post (this is my interpretation anyway) is that you can given them (Javascript developers) these things and it doesn't solve the essential problem of trust between client and server. In other words, it is still possible for an MITM to make the client believe it is interacting with a trustworthy entity, in which case, the encryption part itself is very much less useful. Or, at least, it is no more useful than SSL/TLS.
> Establishing trust with an online entity is hard without an out of band means to support it, e.g. your bank handing you a brochure with the URL to enter when setting up an online account. Establishing that you are connecting to the same website as the one that you set up an account with, would be a step forward.

Establishing such a link would indeed be helpful in preventing some attacks, yes.

> MITM can be frustrated if the browser checks that the public key for the site is the same as on previous occasions. This doesn't require DOMCrypt.
> Of course, you could still be socially engineered into clicking on a link in an email and being taken to a spoofed site, and it is relatively easy for such a site to get a certificate to ensure the browser displays the padlock icon, and appear to be a trustworthy entity. However, the origin displayed would be different from the one you may or may not remember. Users may be falsely assured if they see the familiar favicon next to the origin. Disclosing critical personal information via web pages therefore remains a risk.

Agreed. So the greening of the URL bar (EV certificates et al) and the warnings about self-signed certificates provide a sense of security that is not actually in-line with the user's expectation that they are dealing with a trustworthy entity.

> Nonetheless, providing web page scripts with access to fast high-level cryptographic functions would have many uses.

It would be nice to not only have such uses documented, but also to explicitly state that JS crypto does not solve the MITM problem. 


- John

> -- 
> Dave Raggett<dsr@w3.org>  http://www.w3.org/People/Raggett
Received on Thursday, 22 September 2011 15:44:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC