- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Mon, 28 Apr 2014 16:47:15 -0400
- To: "public-web-security@w3.org" <public-web-security@w3.org>
Hi WebSec folks,

Prompted by a STREWS project report, but mostly riffing off it, I got to thinking about the ways user perceptions and needs from Web security are a mismatch with the web security model. In particular, we lack a security model scoped appropriately to what people will likely want to do with WebRTC (browser-to-browser real-time communications), http://www.w3.org/2011/04/webrtc/ , and how to help users understand and mitigate risks.

Globally, can we step back and ask what users will be wanting to secure in a WebRTC usage, and what additional primitives are needed to give them that ability -- or to make much clearer *whom* they will have to be trusting when they can't get technical assurances of security? Can WebRTC prompt us to look more closely at the Web security model and scope the trust domains more closely to the activities?

The problems of trust scoping are myriad, including:

- CAs: once in the root CA store, CAs have the authority to issue certificates for any domain, and there's no way to limit that (e.g., to say that MIT's CA can sign certs only for mit.edu and subdomains). DNSSEC could offer better granularity. Browsers are taking site-specific measures, such as cert-pinning.
- "Origin": The Same Origin Policy depends on the concept of "origin", and on its consistent implementation; both of which are challenged (see expansion of the public suffix list with new domains and new delegation models). All students, faculty, and alums serving content under mit.edu are part of the same origin.
- Duration: Permissions may be scoped to site, application, or session duration, yet none of these may match what a user intends to authorize.
- Key management: Key management is hard, and we still haven't given users a good way to participate meaningfully in it. Can we help them build better mental models for secure authentication?

Can we use WebRTC as an occasion for thinking about what a robust and user-accessible Web Security Model would look like, and what new components we'd need to build for it?

Best,
--Wendy

--
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Monday, 28 April 2014 20:47:17 UTC