- From: Ron Garret <ron@flownet.com>
- Date: Sat, 26 Nov 2011 10:04:47 -0800
- To: public-identity@w3.org
Hello, I'm late to this party and I'm still working on coming up to speed on the group's progress so far, but I wanted to come out of lurker mode and introduce myself. My name is Ron Garret. I'm the technical co-founder of a stealth mode startup whose application involves managing financial transactions and hence requires strong non-hackable non-phishable credentials. I'd be happy to provide more details off-line if anyone is interested. I'm conversant in crypto and security technology, but far from an expert, so please bear with me if I say something that sounds horribly naive. It probably is. Also, I'm still working on coming up to speed on the work that's been done so far. I've gone through about half of the email archive and corresponded privately with Harry Halpin about the scope of the group so I think I have a pretty good handle on what's going on, but if I say something that's already been covered please don't hesitate to tell me to RTFM. With that disclaimer in mind, I want to throw a few random thoughts into the mix: 1. Forge (http://digitalbazaar.com/2010/07/20/javascript-tls-1/) is a pure-Javascript implementation of TLS. I know at least one representative of Digital Bazaar attended the kickoff meeting back in May so the group is probably already aware of this, but I have not yet seen it come up in the email archive so I thought I'd mention it. Forge is an existence proof that TLS is possible in the browser today. 2. Notwithstanding the existence of Forge, there is still plenty of work to be done and improvements to be made. Forge has to make a lot of concessions to the constraints of Javascript, not least of which IMHO is that bignum arithmetic is horribly slow, and a pain in the ass to code. But I do think that Forge can serve as, if nothing else, a useful anchor for a discussion. 3. I am a big fan of keeping things simple. I looked at all of the extant solutions for web credentials that I could find and ended up rolling my own in part because all of the existing schemes were too complicated. You can see what I came up with at http://dswi.net/. Feedback is welcome. Here is a list of my major pain points as a user of crypto technology in the browser. They are listed in order of my personal opinion of what the low-lying fruit is, i.e. the problems that, if they were solved, would produce the most value for the least effort: 1. Bignum arithmetic in Javascript is awkward and slow. It's barely tenable on a desktop machine and hopeless on a mobile device. Forge has code for RSA key generation, and you can even run it in incremental mode. On a modern machine you can just barely generate a 1024 bit key in under a minute, and generate a 2048-bit signature in a few seconds. Generating a 2048-bit key is hopeless. 2. There is no reliable source of entropy. 3. Storing keys in LocalStorage or a WebSQL database is fraught with peril. It would be nice to be able to store a key in a way that was secure against malicious plug-ins. It would also be nice to have a secure mechanism for transferring keys to either a mobile device or a hardware token. (Satisfying both of these desiderata simultaneously is probably a Very Hard Problem.) 4. Client-side certificates are very nice technology (but see the next point), but the UI renders them virtually unusable, and hence almost entirely unused. This is a shame. 5. The CA infrastructure is a pain in the ass to use, and it's starting to get pretty creaky from a security point of view. With over 200 root CA's there are an awful lot of potential points of failure. We've already seen some near-misses. It wold probably be prudent to have a replacement ready to deploy BEFORE the current system actually collapses. I'll leave it at that for now. rg
Received on Saturday, 26 November 2011 18:05:14 UTC