[Bug 25972] Please require a secure origin from bugzilla@jessica.w3.org on 2014-06-05 (public-webcrypto@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 05 Jun 2014 00:57:17 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25972-7213-kL6e1ZsWac@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972

--- Comment #10 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Boris Zbarsky from comment #9)
> > - are *not* similar, nor the same objection.
> 
> I think part of your problem is that you're confusing "secure origin" with
> "secure transport".
> 
> For example, an <iframe srcdoc="whatever" sandbox="allow-scripts"> in an
> https document will not be a "secure origin" (because it's a nonce origin),
> but is a "secure transport" (because the data came from the https page). 
> Why should this API be disabled in that situation?
> 
> The point being that all the definitions of "secure origin" I've seen people
> suggesting so far are so restrictive that they _do_ in fact cut out cases
> that can be secure.
> 
> > Having signature verification go over HTTP
> 
> Again, you're confusing origins and transports.  The two are not all that
> related on the web as it is nowadays, except in the simplest cases.
> 
> > the actual security goals of a "signature verification" system
> > are immediately defeated by the mutability of the environment when it's an
> > insecure environment.
> 
> If I have an https page that loads some API in a sandboxed iframe over https
> (sandboxed because I don't actually trust the API provider all that much)
> and then I want to prove to the API provider that I am actually me and
> postMessage stuff to it signed with my key, why should it not be able to
> perform client-side signature verification?  Which part of what I described
> is an "insecure environment" exactly?
> 
> > we should stop the proliferation of insecure-by-default
> 
> The rules you plan to adopt are _way_ more restrictive than that.

Boris,

Thanks for the color details. It's not clear from your response, and with
respect to Comment 1, whether you agree (in spirit) with "Secure Transport",
but disagree with "Secure Origin" (as proposed), or if you disagree with both.

Your objections here focused on the definition of Secure Origin - which is a
problem that we can and should engage in - but I got the feeling that on a more
basic level, you disagreed with a requirement for a Secure Transport. Is that
correct?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 5 June 2014 00:57:18 UTC