W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Proposal for secure key-value data stores

From: Dirk Pranke <dpranke@chromium.org>
Date: Tue, 17 Aug 2010 11:05:06 -0700
Message-ID: <AANLkTinUHqTfjhD16Gb0eJyy8E0s+0OT7nPWG2Nm6=1A@mail.gmail.com>
On Tue, Aug 17, 2010 at 4:00 AM, Jeremy Orlow <jorlow at chromium.org> wrote:
> On Tue, Aug 17, 2010 at 12:31 AM, Dirk Pranke?<dpranke at chromium.org>?wrote:
>>
>> On Mon, Aug 16, 2010 at 3:58 PM, Ian Hickson <ian at hixie.ch> wrote:
>> > On Tue, 30 Mar 2010, Dirk Pranke wrote:
>> >>
>> >> Nicholas is almost certainly discussing the case where the service
>> >> provider requires any data stored on a customer's computer to be
>> >> encrypted, not the provider's own computers. (e.g., this could be a
>> >> Yahoo! policy that data stored on Yahoo! users' computers must be
>> >> encrypted).
>> >>
>> >> Hence they cannot enforce anything like "use FileVault".
>> >
>> > If you can't enforce whole disk encryption, but you are concerned that
>> > an
>> > attacker could have access to your machine, it seems that there is no
>> > solution, since an attacker could just install a rootkit and then carry
>> > out arbitrary attacks remotely, including simply replacing the browser
>> > with one that intercepts all the user's data as it is written.
>> >
>>
>> While it is true that it would not defend against all attacks, it will
>> still defend against some classes of attacks (e.g. casual snooping),
>> and may still be valuable.
>
> Adding API surface area to defend against "casual snooping" seems a
> bit?ridiculous/overkill?to me. ?Especially when web apps can do this in JS
> today if they really wish.

I was not intending to suggest that it was a reason for adding an API,
simply to point out that not being able to defend against a rootkit is
not a good reason *not* to do it. Especially since full disk
encryption won't save you if you've been rooted, either :)

I continue to think that the best approach to start with would be to
implement a library in JS that did crypto on top of the Platform APIs
(and having a native crypto API would be nice as well), and if it
turned out to be useful we could roll it into the platform.

-- Dirk
Received on Tuesday, 17 August 2010 11:05:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:00 UTC