W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

[Bug 25721] extractable keys should be disabled by default

From: <bugzilla@jessica.w3.org>
Date: Mon, 28 Jul 2014 19:40:58 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25721-7213-7OB796NeKm@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #21 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Tom Lowenthal from comment #20)
> As it stands, the spec doesn't seem on track to implement a solution which
> will be actually useful at achieving the first goal specified in the WG's
> charter. I hope to find a solution which will allow developers to implement
> trustworthy applications.

Tom,

This is a mischaracterization. The API allows you to generate such applications
with unextractable keys. An application author is REQUIRED, by contract of the
API, to specify whether or not they desire keys to be extractable.

Again, to reiterate, if the API made all keys unextractable, then an
application author CAN, just the same, use a purely JS polyfill (as SJCL,
Forge, End to End, and countless others are PROOF of this), and have the EXACT
SAME API and capabilities as exposed through Web Crypto API. So it does
absolutely nothing to improve security to arbitrarily limit the API, since
there is no reduction of capabilities in a polyfill, only a real and tangible
reduction of security.

Put differently: Your solution will make the web less secure. Provably.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 28 July 2014 19:41:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC