Re: Web Cryptography Working Group scoping progressing...

On 2011-11-04 11:23, Ben Laurie wrote:

>> a compatibility between keystores in each browser. Some applications can try
>> the same keypair management in them.
> 
> I am not sure that this is wise, either. If you allow applications to
> manage keys, then you open the door for attackers to "manage" the keys
> into their keystore. So, some way of getting keys between browsers
> without needing anything but the browser itself seems necessary.

How keys are stored and managed is a platform issue.  In Windows there
is a central keystore that all applications (good or bad) can use.
Gnome Keyring is an attempt at creating a similar scheme for Linux.

If you feel that there are issues with respect to key (mis)use this must
either be solved by distributing the keystore with the application, or
by adding "ACLs" to keys.  I believe the latter is the right approach
although it requires a deeper interaction with the operating system than
what is typically the case today.

IMHO this question is firmly outside of what this WG could deal with,
unless the platform vendors express some genuine interest in addressing
this (quite exciting) topic.  As far as I can see there is essentially
only one problem and that is finding a (reasonably) universal way of
identifying an "application", since performing the actual "ACLing"
is (close to) trivial.  BTW, SKS/KeyGen2 is ready to take on this task as
soon as the identification issue has been resolved; the ACL is just an
(optional) typed key attribute.

As a builder of secure server applications, I also find it slightly strange
putting key passwords in "config" files when I actually know which OS user
and application is the only legitimate user of a particular key.

Since ACLs work for files, they must surely work for keys as well!
The added dimension "application" should not require (major) OS changes;
however, the keystore and its associated subsystems do.

Anders

Received on Saturday, 5 November 2011 08:51:59 UTC