W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Proposal for secure key-value data stores

From: Jeremy Orlow <jorlow@chromium.org>
Date: Tue, 17 Aug 2010 12:00:34 +0100
Message-ID: <AANLkTik3Y+LxJuodrj0+be9fKUPBOiB2J5nEJM8qpfSi@mail.gmail.com>
On Tue, Aug 17, 2010 at 12:03 AM, Evan Ireland <eireland at sybase.com> wrote:

> One of our key concerns is with Web SQL Database API (which we prefer) or
> Indexed Database API.
>
> I might wish to build an offline web application which will refuse to
> operate if the browser cannot guarantee that the database is encrypted. Now
> full-disk encryption would be fine (if the O/S has a power-on password),
> but
> how can my web application author detect (using a JS API) if any data
> stored
> in a browser's database is in fact encrypted (or not)?
>
> Such uncertainty might force us (as a vendor) to have to develop
> platform/browser-specific plugins to providew an alternative implemantation
> of the database API so we can be confident that database storage is secure.
>

Knowing whether the platform (whether platform means the OS or the browser)
is encrypting things for you is a very different use case.  I definitely
think exploring it (maybe in a new thread) has merit.


On Tue, Aug 17, 2010 at 12:31 AM, Dirk Pranke <dpranke at chromium.org> wrote:

> On Mon, Aug 16, 2010 at 3:58 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Tue, 30 Mar 2010, Dirk Pranke wrote:
> >>
> >> Nicholas is almost certainly discussing the case where the service
> >> provider requires any data stored on a customer's computer to be
> >> encrypted, not the provider's own computers. (e.g., this could be a
> >> Yahoo! policy that data stored on Yahoo! users' computers must be
> >> encrypted).
> >>
> >> Hence they cannot enforce anything like "use FileVault".
> >
> > If you can't enforce whole disk encryption, but you are concerned that an
> > attacker could have access to your machine, it seems that there is no
> > solution, since an attacker could just install a rootkit and then carry
> > out arbitrary attacks remotely, including simply replacing the browser
> > with one that intercepts all the user's data as it is written.
> >
>
> While it is true that it would not defend against all attacks, it will
> still defend against some classes of attacks (e.g. casual snooping),
> and may still be valuable.


Adding API surface area to defend against "casual snooping" seems a
bit ridiculous/overkill to me.  Especially when web apps can do this in JS
today if they really wish.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100817/5f9d8ff0/attachment.htm>
Received on Tuesday, 17 August 2010 04:00:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:00 UTC