W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: Use Cases | ACTION-13 Revisited

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 4 Sep 2012 23:38:40 +0000
To: Ryan Sleevi <sleevi@google.com>
CC: "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>, "Arun Ranganathan" <arun@mozilla.com>, "estark@mit.edu" <estark@mit.edu>, "Vijay Bharadwaj" <Vijay.Bharadwaj@microsoft.com>, Mitch Zollinger <mzollinger@netflix.com>
Message-ID: <4990E087-D460-4B20-95B7-1519A51F0EF0@netflix.com>

On Sep 4, 2012, at 4:04 PM, Ryan Sleevi wrote:

> On Tue, Sep 4, 2012 at 12:35 PM, Mark Watson <watsonm@netflix.com> wrote:
>> Here's a revised shortened proposal for the use-case text (including Vijay's
>> suggestion)
>> "Use case: Secure application protocol with user and device authentication
>> Using the Web Cryptography API, a web application implements a secure
>> application protocol in Javascript, supporting confidentiality, message
>> integrity and authentication for both user and for the device. Device
>> authentication is based on pre-provisioned keys, when they are supported by
>> the device. Pre-provisioned keys enable the service to establish the
>> identity of the device into which the keys were originally embedded, thereby
>> establishing a level of trust based on prior knowledge of that device and
>> its security properties. The level of service provided is adapted to the
>> type of device and level of trust established.
>> For the purposes of this use-case, pre-provisioned keys need only have
>> origin scope and thus need not lead to cross-origin tracking concerns.
>> When a user navigates to the site making use of these capabilities using a
>> device supporting pre-provisioned keys, the User Agent provides the
>> Javascript application with access to the corresponding pre-provisioned keys
>> through the Web Cryptography API. Before doing so, the User Agent obtains
>> user consent through8 the use of context-specific mechanisms (possibly
>> including UI prompts)."
>> ůMark
> Thanks for providing this text, Mark.
> My concern with the addition of the Netflix use case is:
> As it relates to Netflix's proposal specifically, my concerns are:
> - The existing use cases try to focus on the client/user-agent
> behaviour, while the Netflix proposal seems more focused on the
> service provider.

MW> This is true, but I'm not sure why it is a concern ? Services need security too, for the same reasons as users.

> - The existing use cases try to describe novel constructions of a
> series of operations, whereas the Netflix proposal seems to broadly
> focus on everything, but without quite describing what operations are
> actually necessary to perform.

MW> Is this concern addressed if we're more specific in the use-case about the operations needed ?

> - The existing use cases try to describe generic services that can be
> implemented whether you're 15 or a Fortune 500. The Netflix use case
> does seem inherently tied to pre-provisioned keys (exclusively), and
> thus is not something that anybody can necessary implement, since they
> have to work with device manufacturers-et-al to actually discover
> these pre-provisioned relationships.

MW> This is true today, but there is no technical reason why devices couldn't mint new origin-specific pre-provisioned keys on demand.

> Broadly speaking, I think the API use cases should focus on use cases
> that can operate regardless of the provenance of the key - that is,
> whether it be pre-provisioned or generated.

MW> Why ? This seems an arbitrary place to draw the line on what is included.

> Obviously pre-provisioned
> can be used to bootstrap some trust, but the more focus on
> pre-provisioned we as a WG place, the further away from having any
> compelling story to be said to the broader Internet community about
> the interoperability of these APIs.

MW> I don't understand why that would be the case. Inclusion of material on pre-provisioned keys does not take away from any of the other features. We're not suggesting this should be a "special focus" of the group, just that it is one feature which should be included.

> In looking at the existing use cases, I'm trying to figure out what
> operations that are present in the Netflix case that are not already
> captured. The use of pre-provisioned keys is mentioned in the
> Multi-Factor Auth use case, and then again in the Document Signing use
> case. The key derivation scheme has been previously acknowledged as
> something more Netflix specific, so I'm not sure if it needs a special
> use case. Are there other operations you desire?

MW> The use of pre-provisioned symmetric keys to perform device authentication.

Received on Tuesday, 4 September 2012 23:39:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:13 UTC