Head's up on Privacy Review for WebCrypto API and Key Discovery from Harry Halpin on 2013-05-27 (public-privacy@w3.org from April to June 2013)

From: Harry Halpin <hhalpin@w3.org>
Date: Mon, 27 May 2013 23:33:23 +0200
To: Christine Runnegar <runnegar@isoc.org>, GALINDO Virginie <virginie.galindo@gemalto.com>, public-privacy@w3.org
Message-ID: <51A3D123.9000407@w3.org>

Although its a bit early, we'd like to give a quick scheduling notice 
that we'd like a review of the Web Cryptography API spec and

These drafts are not quite ready to ship for a thorough review, expect 
that to happen in June - although we wanted to get on your schedule - as 
Christine alerted to use earlier how quickly it fills up.

Just quick head's up on some interesting issues as regards privacy:

1) Currently to avoid privacy problems in the Web Cryptography API [1] , 
the API stores and accesses keys using "structured clone" to give them 
the same lifetime guarantees as cookies. I.e. so users can "clear" them 
and prevent keys being equivalent to super-cookies, without binding the 
keys to any particular storage mechanism. Instead, we assume vendors 
will use the best-of-breed and so may even call out to OS key stores,  
but without user losing control.

2) Keys are set to be same origin, again following cookies. Private key 
material can be controlled by the domain if its set to extractable. 
Otherwise, all key operations use key handles. We hope this satisfies 
some privacy constraints. No mandatory user-interaction is currently 
specified for handling key generation/import/export.

3) There is nonetheless the need for discovering "pre-provisioned" keys 
for some use-cases, and this is currently in a separate document due to 
discussions around privacy called the "Web Discovery" document [2]. 
Again, no user-interaction is currently specified for pre-provisioned 
keys. One use-case has the keys stored in hardware, and there are 
currently discussions around keys that could be stored in software (for 
better authentication use-cases as needed in some e-commerce scenarios) 
or in removable hardware (eID use-cases).

Those interested in providing early feedback can cc 
public-webcrypto-comments@w3.org, but be aware the drafts may - and 
*will* - change. We hope to get you a stable version by June.

       cheers,
               harry

[1]https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2]https://dvcs.w3.org/hg/webcrypto-keydiscovery/raw-file/tip/Overview.html

Received on Monday, 27 May 2013 21:33:35 UTC