RE: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution from Lu HongQian Karen on 2015-01-30 (public-webcrypto@w3.org from January 2015)

From: Lu HongQian Karen <karen.lu@gemalto.com>
Date: Fri, 30 Jan 2015 18:01:47 +0000
To: Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
CC: "public-web-security@w3.org" <public-web-security@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Harry Halpin <hhalpin@w3.org>
Message-ID: <A57CF975EE20E94794D73B2B8943F62CBC98EF8C@A1GTOEMBXV003.gto.a3c.atos.net>
Brad,

I agree with you that access control and privacy protection are very important, and it is inappropriate to proceed without them. We have been considering these issues, as shown in our paper in the workshop last year.

http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/Gemalto_position_paper.html


Together we can work out a solution that respects the web security and threat model and may enhance it.

Thanks,
Karen


From: Brad Hill [mailto:hillbrad@fb.com]
Sent: Thursday, January 29, 2015 4:50 PM
To: Lu HongQian Karen; GALINDO Virginie; public-webcrypto@w3.org
Cc: public-web-security@w3.org; Wendy Seltzer; Harry Halpin
Subject: Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

I would like to see details of how this kind of API would or could interact with the Same-Origin model of web security, specifically:

1.       Privacy and tracking.  How does the presence of specific crypto elements and discoverable keys which are not Origin-scoped not create privacy violations?
2. Origin security.  How are risks around identification of or impersonation of the server-side of a transaction, and potential abuse of a globally-scope key mitigated by  this kind of API design?

Without a clear discussion of how this API fits into the existing Web security and threat model, I think it is inappropriate to proceed.  We can't just throw away the fundamental security model that billions of users and deployed applications depend on, and I see no evidence (at least in these few slides) that such issues have been considered by this proposal.

Brad Hill

From: Lu HongQian Karen <karen.lu@gemalto.com<mailto:karen.lu@gemalto.com>>
Date: Wednesday, January 28, 2015 at 10:01 AM
To: GALINDO Virginie <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>>, "public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>" <public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>>
Cc: "public-web-security@w3.org<mailto:public-web-security@w3.org>" <public-web-security@w3.org<mailto:public-web-security@w3.org>>, Wendy Seltzer <wseltzer@w3.org<mailto:wseltzer@w3.org>>, Harry Halpin <hhalpin@w3.org<mailto:hhalpin@w3.org>>
Subject: RE: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution
Resent-From: <public-web-security@w3.org<mailto:public-web-security@w3.org>>
Resent-Date: Wednesday, January 28, 2015 at 10:04 AM

Please review Gemalto’s contribution. We welcome your comments.

Regards,
Karen

From: GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
Sent: Wednesday, January 07, 2015 3:48 AM
To: public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>
Cc: public-web-security@w3.org<mailto:public-web-security@w3.org>; Wendy Seltzer; Harry Halpin
Subject: [W3C Web Crypto WG] Rechartering discussion

Dear all,

Web Crypto WG charter [1] will end by the end of March. We need to prepare the next charter of Web Crypto.

As a reminder, the conversation has started on this page :   https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter

Feel free to add you ideas and suggestions on the wiki and/or expose your opinion and question on the public-webcrypto@w3.org<mailto:public-webcrypto@w3.org> or public-webcrypto-comment@w3.org<mailto:public-webcrypto-comment@w3.org> (for non W3C Web Crypto WG members).

Regards,
Virginie

[1] http://www.w3.org/2011/11/webcryptography-charter.html


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Friday, 30 January 2015 18:02:19 UTC