- From: Arthur D. Edelstein <arthuredelstein@gmail.com>
- Date: Wed, 31 Oct 2012 04:34:19 -0700
- To: Ryan Sleevi <sleevi@google.com>
- Cc: public-webcrypto-comments@w3.org
Received on Wednesday, 31 October 2012 11:34:46 UTC
Hi Ryan,

Thanks for the reply. Sorry for not being clear. By "correct and honest" I meant code that doesn't leak data (through malice or incompetence) to parties that aren't supposed to have it.

I don't think Content-Security-Policy protects either the users or the web app providers from leaky code. Users can be attacked by leaky JS code running in the user agent (CSP doesn't guarantee to the user that the web app isn't delivering JS code from one of the permitted hosts to steal user data, a la Hushmail). Users will need to trust the web app to properly secure their data, which is the status quo.

Web app providers are also threatened by a leaky implementation of the Crypto API in a web client (for example, a bot with a bad RNG or key generator). So providers will prefer to use server-side key generators, etc.

As far as I can tell, neither side can trust the cryptographic results, because neither side has control of both the Crypto API implementation and the code that is using it. So I feel that this standard doesn't provide any new security guarantees, either to the user or the web app provider. Am I missing something?

Thanks again.

Best regards,
Arthur