[whatwg] "secure" attribute in Storage section of WA spec

Sorry for the delay in getting back to this.

The context is that I asked for the "secure" attribute in the
StorageItem interface to be an integer rather than a boolean, to
accommodate Extended Validation certs as an additional security level.

Ian Hickson wrote:
> Is it ever possible to get an "ordinary cert" which claims to identify 
> some domain, but which was not purchased by the owners of that domain? 

Possibly. Some CAs issue "domain validation" certificates, which just
say "yes, you own this domain". They confirm domain ownership by email
to the contact listed in the DNS. If you put in a malicious request, and
can intercept that email (perhaps by DNS spoofing), and reply to it
authorising certificate issuance, then you can get a cert for a domain
which is not yours.

Perhaps this is not likely enough to worry about, and perhaps we can
persuade even these "low-end" CAs to raise their game a little bit. And
it will certainly not be possible to get an EV cert like this.

I'm in two minds about whether I think this is still a good idea. On the
one hand, it's true that the cert system (even at its lowest) should not
be leaky enough to leak certs to people who don't own domains - even if
the domain owner remains anonymous. On the other hand, we can't foresee
the future, and it might give EV cert site owners an additional
reassurance that there's no way anyone can get at their stored data
unless they've managed to break the EV (as opposed to the standard) process.

Gerv

Received on Monday, 21 August 2006 06:48:34 UTC