[Bug 25385] clear key cannot provide basic protection, why not considering web cryptography API from bugzilla@jessica.w3.org on 2014-05-05 (public-html-bugzilla@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 05 May 2014 07:50:22 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-25385-2486-qqrxzk4Ol1@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25385

--- Comment #10 from GEXIN1984@GMAIL.COM ---
You're right. This is still not secured. Maybe the public key should be signed
by UA. 
Then what if the CDM reuse the HTTPS client key to sign the public key it send?
Or the CDM directly reuse the HTTPS key pairs for content key delivery? 
Because the HTTPS keys are the security mechanism that are already established
between UA and server, which are not exploded to JS.
Thanks.
GE Xin
(In reply to David Dorwin from comment #8)
> (In reply to GEXIN1984 from comment #5)
> > I just think the Webcrypto has already provide a method, if reused here, it
> > maybe simpler for specification.
> 
> The same level of security as Clear Key could be provided by WebCrypto, but
> that would introduce an additional path and set of APIs.
> 
> > However, if my proposal is too complex, provide a public key to encrypt the
> > simple key can also work, I think. But what I want to emphasize is that the
> > plain text content key should not be available in JS environment. That is
> > the main issue.  The UA may decrypt the content key using the private key
> > and then directly pass it to the simple key CDM. Then the content key is not
> > exposed to the JS.
> 
> Where does the public key come from? How does the license server know that
> it wasn't generated in JavaScript?
> 
> (In reply to GEXIN1984 from comment #7)
> > (In reply to David Dorwin from comment #4)
> > > Actually, I don't think there is any additional security since JavaScript
> > > (or anything else) could have provided the public key.
> > What do you mean by JavaScript provided the public key? the WebCrypto API?
> > But by using this API, the content key decrypted is still exposed to JS, so
> > it is not secure. So I propose to integrate the WebCrypto API with EME by
> > passing the encrypted content key directly to the simple key CDM.
> 
> Is your goal to make the content key inaccessible to the user from
> JavaScript?
Yes, I think if the content key is accessible to JS, there is no security. But
to hack UA is much more difficult.
> 
> While WebCrypto can be used to accomplish this, there is nothing that
> enforces this. The user could bypass the WebCrypto calls and provide a fake
> public key that the user can then use to decrypt the content key. Without
> some more complex mechanism, there is no way to determine that the public
> key came from the UA.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 5 May 2014 07:50:23 UTC