Re: Draft finding - "Transitioning the Web to HTTPS"

(Reordering quotes)
>> On Jan 9, 2015, at 9:33 AM, David Sheets <kosmo.zb@gmail.com> wrote:
>> Web Crypto over http + SRI with digests delivered over a certified
>> transport (e.g. TLS) should be secure.

On Fri, Jan 9, 2015 at 11:06 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
> Where does this put the Chrome's team assertion that https is needed for Web Crypto?

It leaves the assertion as being correct.

 1) David's answer assumes that you'd be able to waive mixed-content
blocking using SRI, but that's not a feature that exists in present
tense (AFAIK). Also, it's an open issue in the current draft
http://w3c.github.io/webappsec/specs/subresourceintegrity/
 2) Even if we assume that SRI will allow you to waive confidentiality
of subresources, the integrity still chains to the main resource that
needs to be delivered via https for Web Crypto to be secure.

So even if SRI ends up allowing the waiver of confidentiality for
subresources, the integrity of the JS code running under the authority
of the origin purporting to do something secure with Web Crypto still
needs to chain to https for there to be protection against active
MITMs.

What made you read David's words "certified transport (e.g. TLS)" as
not meaning https?

> Don't expect you to be able to answer all of these questions but I feel like Google needs to evaluate whether they have the right expertise in security on the Chrome team or if the web's most popular browser is driven by false assumptions in this area.

They have the right expertise.

-- 
Henri Sivonen
hsivonen@hsivonen.fi
https://hsivonen.fi/

Received on Monday, 12 January 2015 13:52:58 UTC