[Bug 26080] Remove unsafe named curves from Web Crypto API

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26080

--- Comment #5 from Greg Slepak <hi@okturtles.com> ---
(In reply to Ryan Sleevi from comment #4)
> Referencing SSL 2.0 is entirely orthogonal to the discussion. This would be
> akin to the next draft of HTML removing support for the canvas tag entirely.
> Just because you removed it from your spec doesn't magically make it stop
> existing, nor does it remove browsers' need to support it, as pages live on.
> 
> The history of HTML - and in the Web in general - is that APIs are not
> deprecated. Period. And so far, it's been a good story.

Two things:

1. See the no-longer-rendered <BLINK> tag.

2. I acknowledged this is mostly true when I said "Maybe my wording is off a
bit here, I just mean that broken crypto shouldn't be pushed onto browser
vendors or anyone else."

> Let's keep the excitement to a minimum, and the objectivity at a balanced
> level.  "Thereby endangering the security of the net" is a statement that
> can be shown to be demonstrably false, and is at best an emotional appeal.
> It is application developers, not user agents, that are best capable of
> evaluating their appropriate requirements for security and interoperability.
> Web Crypto simply provides those tools.

This bug started as an offshoot of bug 25839, where I was told (by you) in not
precisely these words, that the Web Crypto API is not recommending that
specific curves be implemented.

I wouldn't have created this bug if your spec offered a single safe curve,
but it does not, so it can be argued that the "tools" it's providing aren't
very good (currently). Hopefully a safe curve(s) will be added to the spec
soon.


> If you still truly believe that the use of these curves endangers the
> security of the net (an opinion I would strongly disagree with you), even if
> you feel these use cases are out of luck (which would go against our
> charter, arguably), you'd be far better protecting the net by getting them
> out of TLS and X.509, since that's the basis of all the user agent security
> promises to begin with. If they are insecure, then NOTHING built on
> WebCrypto can be secure, since they'd be on an insecure transport.

It would be better for me to file this bug for TLS (wherever that would be),
that's probably true.

That doesn't mean, however, that in all cases the security of WebCrypto is
limited by TLS (for example, browser extensions that store pinned certs or
fingerprints locally would clearly have security exceeding that of TLS +
X.509).

I look forward to more (safer) curve diversity in the spec, and hope it makes
it into the 1.0 (or w/e you call your final release).


Received on Thursday, 12 June 2014 22:38:55 UTC