- From: Aymeric Vitte <vitteaymeric@gmail.com>
- Date: Tue, 09 Apr 2013 01:17:53 +0200
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
This sounds as usual... Before answering you should really analyze what is being submitted, the fact that you are closely working on the SSL/TLS stack of two "major" browsers or others is not enough, I have too analyzed what are doing browsers for TLS/SSL for these projects, and that's not encouraging for security, easy way solution, strange default TLS versions, silent failures when there is a suspicion, silent failures when the origin is different, and some other strange/abnormal behaviors, not withstanding strange scripts insertions, or some messages sent outside without you knowing it, some using tls so you can absolutely not know what they are sending outside, so your argument of browser confidence does not stand. The argument of SOP does not work too, if you look again at ianonym.com "Details" I have put a small note (at the end) about it, that's much stronger than SOP, that's a kind of Unique Origin Policy, ie this will defeat everything that could potentially harm or annoy from outside origins (like ads, tracking scripts, iframes, etc) but this will allow outside not dangerous scripts (like jQuery) I am not talking only about """"untrusted"""" certificates (what is a trusted certificate?), I am talking about WebRTC like mechanisms too. Or I am talking about doing your own stuff independantly of the browser, like node-Tor I really don't see what's the problem, as you mentioned yourself in other emails and I agreed, people can already do terrible worst unsecured things, so if they mess up with this that's their problem. And here the use case is not about accessing low level TCP but using the standard WebSockets "are vastly vastly more reasonable and secure than the use case you've presented." Which one? There are several use cases. Indeed you can not prevent this to happen, this is already happening, then it should better be considered, not as accessing low level TCP but doing this with standards. Regards, Le 08/04/2013 23:44, Ryan Sleevi a écrit : > I know this will sound harsh, but this simply seems like the > realization of the worst-case predictions of the web crypto > detractors. > > That it's possible does not and should not mean it's encouraged, for > many of the reasons that have already been discussed - most notably > the breaking of SOP and of encouraging untrusted/unvalidated > certificates. > > As someone who works closely on the SSL/TLS stack of two major > browsers, I can only hope that such code does not become the norm. > While I can't prevent it, I can't in good conscience encourage it. > > I realize that there are similar arguments to be made in the *Sysapps* > realm, where discussions about low-level TCP socket access have > happened. For example, implementing an IMAP client with STARTSSL > support, or implementing POPS, are vastly vastly more reasonable and > secure than the use case you've presented. They require a radically > different rethinking though, and, arguably, are better suited not for > this group but for Sysapps, where such discussions about security and > what "Web Apps" should expect to be able to leverage. > > On Mon, Apr 8, 2013 at 5:07 PM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: >> Here : https://gist.github.com/Ayms/027737d92c2245b4f9d4 >> >> TLS/SSL Use Case, implementation of a TLS/SSL server and/or client inside >> the browser on top o WebSockets, with high level TLS/SSL spec and code >> example. >> >> I have tried to make it short and simple, do not focus on details, normally >> it's easily understandable, that's not theorical it's already working in >> reality. >> >> Regards, >> >> -- >> jCore >> Email : avitte@jcore.fr >> iAnonym : http://www.ianonym.com >> node-Tor : https://www.github.com/Ayms/node-Tor >> GitHub : https://www.github.com/Ayms >> Web : www.jcore.fr >> Webble : www.webble.it >> Extract Widget Mobile : www.extractwidget.com >> BlimpMe! : www.blimpme.com >> >> -- jCore Email : avitte@jcore.fr iAnonym : http://www.ianonym.com node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms Web : www.jcore.fr Webble : www.webble.it Extract Widget Mobile : www.extractwidget.com BlimpMe! : www.blimpme.com
Received on Monday, 8 April 2013 23:15:58 UTC