- From: Lyor Goldstein <lgoldstein@vmware.com>
- Date: Mon, 3 Mar 2014 22:36:46 -0800 (PST)
- To: <public-webcrypto-comments@w3.org>
> > > What prevents the attacker from directing the client JS to sign
> > the original server's certificate chain in script (eg: using RSASSA)?
Nothing, of course - the attacker would have to inspect and modify the
JavaScript on the fly - which isn’t an easy task if we apply some
obfuscation techniques (and before anyone says "obscurity is not security" -
I totally agree, but would also like to quote that "security is not a
solution but a process"). In principle I totally agree with the general
statement that "I do not believe WebCrypto can or should try to prevent
MITM", but on the other hand let's not make it too easy for MITMs...
> > > And before anyone says "Use what you show in the UI for the lock",
> > this fundamentally ignores the use case of why you want to bind to the
> > cert - and how you can fundamentally subvert it.
I do not claim it solves the whole MITM issue, but using what is shown in
the UI for the lock is (IMO) a small step forward. Furthermore, even leaving
the MITM issue aside, why shouldn't JavaScript have access to the data shown
in the UI for the lock? I concede that I cannot show a compelling use case
why this must be done, but my instinct as a developer tells me that it may
be a useful feature for other purposes besides security. I admit that since
I do not know how much effort it would involve to add this feature it may
require some compelling reason to mandate it, but if on the other hand it is
simple enough I believe it may provide useful functionality in the future
that we currently cannot foresee ("build it and they will come" :-))
Received on Tuesday, 4 March 2014 06:37:16 UTC