Re: W3C Web Crypto WG - asian call take away 10th of february from Anders Rundgren on 2014-02-11 (public-webcrypto-comments@w3.org from February 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 11 Feb 2014 07:23:38 +0100
To: Mountie Lee <mountie@paygate.net>, 조상래 <sangrae@etri.re.kr>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <52F9C1EA.9040008@gmail.com>

http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0036.html

"Mountie and Sangrae mentioned their needs for 1) clarifying the key storage
definition (currently left to the implementers in the specification) and
2) allowing the scenario of a site A delivering a key to be used by a
site B (also known as exception to the same origin policy). In that case,
it is expected that the user would be in charge of accepting this exception"

1) This is a core WebCrypto feature and cannot be changed without going back to square #1.

2) This is not comparable to a user accepting site B, it is the user granting site B UNRESTRICTED CODE ACCESS to a key issued by site A.
Q1: Why would site A (like a bank or national CA) accept such an arrangement?
Q2: When site B issues a

crypto.subtle.sign ({name: "RSASSA-PKCS1-v1_5", hash: {name:"SHA-256"}}, siteA_privKey, data).then ...

what is the UA supposed to do then? Note: current implementations do not bring up a GUI here.

That is, this model presumes that (the for site A possibly unknown) site B is "good" and that the user knows that.

As a local solution in Korea it may work, as an Internet-scale standard it does not.

Regarding CMP: We still haven't any information on how keys enrolled through the CMP scheme showcased in Shenzhen relates to WebCrypto.
My guess is that they are entirely unrelated which means that this is rather a challenger to <keygen> & friends.
Unfortunately I don't see that CMP brings much value to the table compared to <keygen>.

Revocation? Issuers do not permit end-users to directly revoke credentials. It is a management operation. Consider these scenarios:
- Token loss: How can you through cryptographic methods revoke a key when you actually have lost it?
- User terminating the service: Wouldn't revocation (if needed) rather be performed by the subscription service?

Renewals then? Well, CMP can do that but not in a way that can work for end-users. CMP was designed for PKI administrators.

Security? It is unclear to me what CMP could possibly do here which <keygen> doesn't already do.

I don't enjoy being a royal PITA, I'm actually trying (hard) to get you (back) on track |-:

Cheers
Anders

Received on Tuesday, 11 February 2014 06:24:11 UTC