Re: [WebCrypto.Next] Microsoft's Contribution from Anders Rundgren on 2014-11-26 (public-web-security@w3.org from November 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 26 Nov 2014 06:13:42 +0100
To: Mountie Lee <mountie@paygate.net>
CC: Martin Paljak <Martin.Paljak@ria.ee>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <54756186.60608@gmail.com>
On 2014-11-26 03:14, Mountie Lee wrote:

Hi Mountie,

> In my industries, they have big interest for Microsoft's proposal.
> it actually touching important concepts

Yes, but the documentation Microsoft have submitted so far doesn't go
into details how their concept is working.

More comments-in-line.


> 1. Key Ownership
> - the design principle of current webcrypto api is "key provisioner (aka the server) has the key ownership"
> - if the key is owned by server side, the key will be bound into same origin policy
> - if the key is owned by user, the key can be used on multiple origins
> - different principle of key ownership is also touching secure elements at client side.
>
> I believe the Web should be User Centric

I agree with this on a higher level but it "seems" (I could be wrong)
that users would grant unknown web-code direct access to keys.

This is a vulnerability we didn't have before; the soon to be "outlawed"
plugins functioned as mediators, shielding keys from direct access.


> 2. Certificate Management
> - the suggested API seams workable for CMP (Certificate Management Protocol)

As far as I can tell CMP was designed for RAs (issuers) rather than end-users with web-browsers.
Since CMP doesn't even have a client key generation command, it must be anyway be "upgraded" and
then it seems like a better idea starting from scratch with something specifically designed for the web.

Microsoft's paper also refers to:
https://developer.chrome.com/extensions/enterprise_platformKeys
This looks more reasonable.  It is apparently implemented as well!


> 3. Secure Computing Environment
> - when the PC was compromised, SCE will protect sensitive client side resources.

An SE can protect keys from theft, but that's about as far as it goes if the
operating system is compromised.  Key "misuse" remains an issue in this case.

Best regards,
AndersR

>
> best regards
> mountie
>
> On Mon, Nov 17, 2014 at 4:14 PM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     On 2014-11-17 07:25, Martin Paljak wrote:
>
>         Hello,
>
>
>         Huge thanks to the creators of this presentation! I feel that parts of it target exactly the same sector (signatures with existing tokens) and direction and mindset and resulting functionality that we are using within Estonia and this makes a perfect collaboration target for us. This is similar to what we currently target with "proprietary" (but open source) plugins, just need to work on harmonizing the API to get comparable real life functionality.
>
>
>     Hi Martin,
>
>     Although the details are quite sketchy I have tried to "decipher" the documentation. These are my findings:
>
>     It *seems* that relying party code has direct API access (which *not* the case with plugins).
>
>     That is, it appears that *users* would need to decide (per site) if a site's *client code* is to be trusted or not.
>     IMO, issuers like banks would probably not accept such an arrangement.
>
>     OTOH, I may have gotten it all wrong due to the limited documentation :-)
>
>     Cheers,
>     Anders
>
>
>
>         Things like UI are still unclear from the slides but something that can be worked upon.
>
>
>         Best,
>         Martin
>         __________________________________________
>         From: GALINDO Virginie [Virginie.Galindo@gemalto.com <mailto:Virginie.Galindo@gemalto.com>]
>         Sent: Wednesday, November 12, 2014 11:33
>         To: public-web-security@w3.org <mailto:public-web-security@w3.org>; public-webcrypto@w3.org <mailto:public-webcrypto@w3.org>; Jeff.Hodges@PayPal.com; Anders Rundgren
>         Subject: [WebCrypto.Next] Microsoft's Contribution
>
>         Dear all,
>         Please note that the contribution made by Israel and Vijay, related to certificate management is now available on the web crypto WG wiki, classified in the F2F meeting page, here https://www.w3.org/2012/__webcrypto/wiki/images/d/dd/__CertAndKey_Management___Requirements_for_WebCrypto___microsoft.pdf <https://www.w3.org/2012/webcrypto/wiki/images/d/dd/CertAndKey_Management_Requirements_for_WebCrypto_microsoft.pdf>
>         This will be discussed when the group will be re-chartering.
>         Regards,
>         Virginie
>         __________________________________
>            This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
>         E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
>         Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
>
>
>
>
>
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net <mailto:mountie@paygate.net>
>
Received on Wednesday, 26 November 2014 05:14:17 UTC