W3C home > Mailing lists > Public > public-credentials@w3.org > April 2016

Re: WebCrypto - In "progress" since 2012

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 30 Apr 2016 09:08:18 +0100
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Randall Leeds <randall.leeds@gmail.com>, Web Payments CG <public-webpayments@w3.org>, W3C Credentials Community Group <public-credentials@w3.org>
Message-Id: <432F1434-2C4A-40BF-BC54-9B2196986ACA@bblfish.net>
To: Halpin Harry <hhalpin@w3.org>

> On 30 Apr 2016, at 05:34, Harry Halpin <hhalpin@w3.org> wrote:
>>> More importantly, how is your vague complaining supposed to be in any
>>> way helpful?
>>> What are we supposed to take away from your message?
>> The thing I mentioned as another way forward.  It has IMO much better
>> chances of getting traction because crypto without trusted UI and
>> trusted storage isn't that terribly useful.
>> These topics were either rejected or ignored by the WebCrypto WG.
> For good reason. There isn't such a thing really as 'trusted UI' that
> users understand and there isn't a unified thing such as 'trusted storage.'

Harry is defending some very contradictory positions if you look at his
statements across the W3C globally.

1) On User Interface

I note that Harry is a huge defender of FIDO which of course does have user 
interfaces to allow the operating system/hardware to put the owners of the
hardware in control of key usage and does have trusted storage (usually hardware
based). So Harry as a staff member of the W3C thinks that good UI design is too difficult 
for browser vendors, but is ok for hardware vendors and closed consortia to define. 
Perhaps Harry is preparing to move there?

2) cross origin

One reason Harry gives for defending FIDO is that the cryptography it uses
is single origin, which is interpreted by Harry as an Absolute Requirement.
"Every key MUST only be used for one origin" 

On this interpretation of Single Origin the WebCrypto API is an aberration and 
actually bad for the web since it allows cross origin usage of keys. It actually
allows authentication across origins using HTTP-Signature which I have 
implemented [1]. 

So the doors Harry Opens Up here he actually closes in other fora.
 - Harry praises UI work done in a closed forum (FIDO) but says it is impossible 
   for browser vendors to achieve
 - Any potentially viral application of Web Crypto - which requires cross origin - 
  is slammed with the flimsiest of arguments

These two positions are not accidental of course. The declaration without argument
that User Interfaces that put the user in control of Web Crypto are impossible for
browser vendors and that cross origin is bad, are designed to stop progress being
made while making it look like Harry is actually pushing forward standards
in this space. 

 Harry is actually acting as a conceptual guard placed in front of a conceptual 
door. (Wether he is aware of the role he is playing I am not sure.) The door
that he - or those who have put him in the position he is in - do not want opened 
is the door that puts users in control of their keys. That position does have its 
vocal and powerful defenders: those arguing for key escrow. [2]


[1] https://github.com/solid/solid-spec/issues/52
[2] https://en.wikipedia.org/wiki/Key_escrow
Received on Saturday, 30 April 2016 08:08:41 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:41 UTC