- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sat, 05 Nov 2011 09:51:14 +0100
- To: Ben Laurie <benl@google.com>
- CC: channy@gmail.com, public-identity@w3.org

On 2011-11-04 11:23, Ben Laurie wrote:
>> a compatibility between keystore in each browsers. Some applications can try
>> a same keypair management in them.
>
> I am not sure that this is wise, either. If you allow applications to
> manage keys, then you open the door for attackers to "manage" the keys
> into their keystore. So, some way of getting keys between browsers
> without needing anything but the browser itself seems necessary.

How keys are stored and managed is a platform issue. In Windows there is a central keystore that all applications (good or bad) can use. Gnome Keyring is an attempt at creating a similar scheme for Linux.

If you feel that there are issues with respect to key (mis)use, this must either be solved by distributing the keystore with the application, or by adding "ACLs" to keys. I believe the latter is the right approach although it requires a deeper interaction with the operating system than what is typically the case today.

IMHO this question is firmly outside of what this WG could deal with, unless the platform vendors express some genuine interest in addressing this (quite exciting) topic.

As far as I can see there is essentially only one problem and that is finding a (reasonably) universal way of identifying an "application", since performing the actual "ACLing" is (close to) trivial.

BTW, SKS/KeyGen2 is ready to take on this task as soon as the identification issue has been resolved; the ACL is just an (optional) typed key attribute.

As a builder of secure server applications, I also find it slightly strange putting key passwords in "config" files when I actually know which OS user and application is the only legitimate user of a particular key. Since ACLs work for files, they must surely work for keys as well! The added dimension "application" should not require (major) OS changes; however, the keystore and its associated subsystems do.

Anders

Received on Saturday, 5 November 2011 08:51:59 UTC