W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > October 2012

Re: Pre-provisioned Key-access Proposal - Privacy Consideration Update

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 30 Oct 2012 11:13:38 +0000
To: Ryan Sleevi <sleevi@google.com>
CC: Anders Rundgren <anders.rundgren@telia.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <84DD7EFB-9BAB-4D25-ADD1-457E2F6C3528@netflix.com>

On Oct 30, 2012, at 12:02 PM, Ryan Sleevi wrote:

> On Tue, Oct 30, 2012 at 2:24 AM, Anders Rundgren
> <anders.rundgren@telia.com> wrote:
>> Although I haven't received that much feedback on
>> 
>>   http://webpki.org/papers/PKI/pki-webcrypto.pdf
> 
> There are a lot of documents and submissions for the WG to review.
> This has been constantly mentioned in the past. While submissions from
> non-members are valuable and considered, it may be more fruitful to
> consider formally joining the WG (including IPR policy agreements) and
> making a formal member submission (eg: a spec) that provides a
> practical API, rather than describing the high-level objectives
> without any implementation guidance or concerns.
> 
> However, as has been mentioned several times, the focus and priority
> of this WG has been to resolve the low-level API issues.
> 
> For practical comments, I feel that the current doc is full of
> hand-wavey ideas that provide no guidance or actual APIs that show how
> many of these concepts are to work or be used. I also think that,
> absent formal membership, the IPR policies likely prevent this being
> something that the WG could adopt.

+1

> 
>> 
>> I have updated the document with a privacy consideration section.
>> 
>> The scheme offers no privacy silver bullet but maybe a "workable solution".
>> 
>> A generic Web Crypto issue seems to be that either you end-up with a standardized "key-picker" (probably pretty difficult to define) which would mark the selected key as usable by the application to use with the Web Crypto API, or you leave this responsibility to the [presumably well-written] application.   The described solution bets on the latter because this is much more flexible and may even turn out to be a prerequisite for market acceptance.  However, this introduces a potential privacy risk, since there's no platform-provided protection against key "misuse".
>> 
>> BTW, I have recently been experimenting with the extension-scheme used by for example Google to access the Android Play-store which is based on stand-alone handlers for unique protocols like "market://".  This is a strong challenger to Web Crypto solutions for pre-provisioned keys.  This scheme also fits quite nicely with the described solution.
>> 
>> -- Anders
>> 
>> 
> 
> 
Received on Tuesday, 30 October 2012 11:14:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 30 October 2012 11:14:12 GMT