W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

From: Nico Williams <nico@cryptonector.com>
Date: Tue, 7 Jun 2011 12:07:48 -0500
Message-ID: <BANLkTi=MVokeVfvqCUOB5jQJZfuXCRYPDQ@mail.gmail.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "Richard L. Barnes" <rbarnes@bbn.com>, David Dahl <ddahl@mozilla.com>, public-web-security@w3.org
On Mon, Jun 6, 2011 at 11:16 PM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> On 2011-06-07 03:58, Nico Williams wrote:
>> That said, a smartcard interface is the most we could do in terms of
>> browser integration with JS crypto APIs, and even that is pretty lousy
>> -- the user can't possibly know what some script intends to do with
>> some key, nor can the browser figure it out either.  And yet, if we
>> don't even do that, then what do we expect a JS crypto API to do for
>> us, in terms of security?  A JS crypto API will NOT help us improve
>> security unless we also greatly improve server/script authentication.
> Well, that's one approach.  I'm fairly skeptical about the prospects
> for trusted code and therefore delegate the gory stuff to the browser
> itself.  Creating a multistep E2ES (End-to-End Security) provisioning

Wait a minute.  If we don't even trust the browser, we're done, we
might as well go home.

Now, I understand that local security is a challenge.  But from a
network protocol point of view we have no choice but to assume local
security.  (Even if we relied on one-time passwords/keys, we'd still
have the problem that a compromised end-point with access to a user's
credentials can misuse the user's session.)

But there's a major distinction between trusted code in the browser's
TCB, and code that is downloaded.  The latter is not trusted nor
trustworthy unless we rely on code signing (and even then, the code
signer probably doesn't audit the source code nor any build systems,
in which case code signing adds less than one might think, though
still more than nothing, even if only marginally).

So let's not say that we can trust scripts because we can't trust
browsers!  That's a serious fallacy.

> scheme like KeyGen2 based on a set of JS-methods and objects seems
> infeasible; it will most likely turn up as MSFT's "CertEnroll" which
> has been replaced by proprietary solutions since it simply doesn't
> work.  MSFT is reportedly replacing it with something more along the
> lines I propose, running in trusted code and uses XML Schema.

I don't follow this comment.

> That said, a JS crypto API would be great but it does not eliminate other
> solutions it may complement it.

Great... for what?

Prediction: sites will claim that they use AES-256 or whatever as a
badge of trustworthiness, and they will use such algorithms -- in
their scripts, and mostly just so they can make such claims.  And yet
look ma! no security!

Received on Tuesday, 7 June 2011 17:08:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:19 UTC