
Re: WebCrypto API TLS/SSL Use Case + start of a TLS/SSL proposal.

From: Aymeric Vitte <vitteaymeric@gmail.com>
Date: Tue, 09 Apr 2013 01:17:53 +0200
Message-ID: <51635021.9070502@gmail.com>
To: Ryan Sleevi <sleevi@google.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>

This sounds as usual...

Before answering you should really analyze what is being submitted. The 
fact that you are closely working on the SSL/TLS stack of two "major" 
browsers or others is not enough. I too have analyzed what browsers are 
doing for TLS/SSL for these projects, and that's not encouraging for 
security: easy way solution, strange default TLS versions, silent 
failures when there is a suspicion, silent failures when the origin is 
different, and some other strange/abnormal behaviors, notwithstanding 
strange script insertions, or some messages sent outside without you 
knowing it, some using TLS so you can absolutely not know what they are 
sending outside, so your argument of browser confidence does not stand.

The argument of SOP does not work either. If you look again at ianonym.com 
"Details", I have put a small note (at the end) about it. That's much 
stronger than SOP, that's a kind of Unique Origin Policy, i.e. this will 
defeat everything that could potentially harm or annoy from outside 
origins (like ads, tracking scripts, iframes, etc.) but this will allow 
outside non-dangerous scripts (like jQuery).

I am not talking only about """"untrusted"""" certificates (what is a 
trusted certificate?), I am talking about WebRTC like mechanisms too.

Or I am talking about doing your own stuff independently of the browser, 
like node-Tor.

I really don't see what's the problem, as you mentioned yourself in 
other emails and I agreed, people can already do terrible worst 
unsecured things, so if they mess up with this that's their problem.

And here the use case is not about accessing low level TCP but using the 
standard WebSockets

"are vastly vastly more reasonable and secure than the use case you've 
presented."

Which one? There are several use cases.

Indeed you cannot prevent this from happening, this is already happening, 
then it should better be considered, not as accessing low level TCP but 
doing this with standards.

Regards,

On 08/04/2013 23:44, Ryan Sleevi wrote:
> I know this will sound harsh, but this simply seems like the
> realization of the worst-case predictions of the web crypto
> detractors.
>
> That it's possible does not and should not mean it's encouraged, for
> many of the reasons that have already been discussed - most notably
> the breaking of SOP and of encouraging untrusted/unvalidated
> certificates.
>
> As someone who works closely on the SSL/TLS stack of two major
> browsers, I can only hope that such code does not become the norm.
> While I can't prevent it, I can't in good conscience encourage it.
>
> I realize that there are similar arguments to be made in the *Sysapps*
> realm, where discussions about low-level TCP socket access have
> happened. For example, implementing an IMAP client with STARTSSL
> support, or implementing POPS, are vastly vastly more reasonable and
> secure than the use case you've presented. They require a radically
> different rethinking though, and, arguably, are better suited not for
> this group but for Sysapps, where such discussions about security and
> what "Web Apps" should expect to be able to leverage.
>
> On Mon, Apr 8, 2013 at 5:07 PM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
>> Here : https://gist.github.com/Ayms/027737d92c2245b4f9d4
>>
>> TLS/SSL Use Case, implementation of a TLS/SSL server and/or client inside
>> the browser on top of WebSockets, with high level TLS/SSL spec and code
>> example.
>>
>> I have tried to make it short and simple, do not focus on details, normally
>> it's easily understandable, that's not theoretical, it's already working in
>> reality.
>>
>> Regards,
>>
>> --
>> jCore
>> Email :  avitte@jcore.fr
>> iAnonym : http://www.ianonym.com
>> node-Tor : https://www.github.com/Ayms/node-Tor
>> GitHub : https://www.github.com/Ayms
>> Web :    www.jcore.fr
>> Webble : www.webble.it
>> Extract Widget Mobile : www.extractwidget.com
>> BlimpMe! : www.blimpme.com
>>
>>

-- 
jCore
Email :  avitte@jcore.fr
iAnonym : http://www.ianonym.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Web :    www.jcore.fr
Webble : www.webble.it
Extract Widget Mobile : www.extractwidget.com
BlimpMe! : www.blimpme.com
Received on Monday, 8 April 2013 23:15:58 UTC
