[Bug 25972] Please require a secure origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972

--- Comment #22 from Mark Watson <watsonm@netflix.com> ---
(In reply to Ryan Sleevi from comment #21)
> (In reply to Ehsan Akhgari [:ehsan] from comment #20)

> We'll have to disagree there. The entire point is that, without an
> authenticated origin, you *cannot* have secure key storage for any
> meaningful definition of secure. An attacker in a privileged position can
> 
> a) postMessage the Key object (structured clonable) to an origin of their
> choosing for later use at a time of their choice, able to fully decrypt or
> forge any messages
> b) force the UA into a downlevel form such that it re-generates the key in
> an insecure way (this is the problem with the "TOFU" model, in that it
> trivially falls apart)
> 
> For an *unauthenticated* origin, everything WebCrypto provides can be met
> via polyfill, which is what I mentioned in my previous message. It's
> precisely because of this that it's entirely uninteresting to implement (as
> an unnecessary surface of the web platform).
> 

I agree that if the goal is for something to be "secure" in a meaningful and
unqualified sense, then an authenticated origin is needed.

But what if your goals are more modest than that? What if confidentiality
against passive monitoring is of value to you without confidentiality against
active attackers?

I get that your opinion is that such a limited form of confidentiality is
without value. But that opinion must be based on assumptions about the likely
attackers and the value of the information to which the confidentiality
applies. Those assumptions may not hold for all use-cases and you should not
impose them on others.


Received on Wednesday, 22 October 2014 23:24:28 UTC