- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 16 Feb 2015 09:34:02 +0100
- To: noloader@gmail.com
- Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webapps WG <public-webapps@w3.org>
On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloader@gmail.com> wrote:
> For the first point, Pinning with Overrides
> (tools.ietf.org/html/draft-ietf-websec-key-pinning) is a perfect
> example of the wrong security model. The organizations I work with did
> not drink the Web 2.0 Kool-Aid, it's not acceptable to them that an
> adversary can so easily break the secure channel.

What would you suggest instead?

> For the second point, and as a security architect, I regularly reject
> browser-based apps that operate on medium and high value data because
> we can't place the security controls needed to handle the data. The
> browser based apps are fine for low value data.
>
> An example of the lack of security controls is device provisioning and
> client authentication. We don't have protected or isolated storage,
> browsers can't safely persist provisioning shared secrets, secret
> material is extractable (even if marked non-extractable), browsers
> can't handle client certificates, browsers are more than happy to
> cough up a secret to any server with a certificate or public key (even
> the wrong ones), ...

So you would like physical storage on disk to be segmented by eTLD+1 or some such? As for the certificate issues, did you file bugs?

I think there definitely is interest in making the web suitable for this over time. It would help if the requirements were documented somewhere.

--
https://annevankesteren.nl/
Received on Monday, 16 February 2015 08:34:26 UTC