W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2014

[Bug 25345] Set window.crypto and all properties of window.crypto writable to false

From: <bugzilla@jessica.w3.org>
Date: Tue, 15 Apr 2014 18:37:16 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25345-7213-fdOvx6L7OC@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25345

Ryan Sleevi <sleevi@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #7 from Ryan Sleevi <sleevi@google.com> ---
As Boris has explained, this does not provide any meaningful security - but
worse, gives the appearance of security.

If an attacker can inject script, they can alter the operating environment in
any number of ways - from manipulating objects (like String.prototype) to
altering code that calls getRandomValues and such.

Mitigations such as CSP provide meaningful security, and thus should be
encouraged (and, in previous discussions, were attempted to be required - but
to no effect).

The argument for protecting against 'accidental' overwriting is equally
troubling, as it suggests an author capable of implementing secure
cryptography, but not implementing secure javascript - which is a scenario that
is equally doomed to failure independent of the spec action here.

There's no question that we want to remove things that will obviously cause
harm, but at the same time, the security boundaries should be crisp, and we
should only attempt to normatively specify things that will meaningfully
improve security (eg: requiring SSL or CSP)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 15 April 2014 18:37:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC