Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

All,
Please find attached HID's contribution that came to a very similar
conclusion.

I only extended this by the concept that I presented at the workshop that
we should support connected and unconnected tokens.

I also share Siva's view that we MUST support the existing GP based
centrally issued eIDs and centrally issued tokens and FIDO tokens.



(See attached file: HID-PhilipHoyer_Proposal_v1.pptx)

Happy to work with you on this,

Philip



From: Siva Narendra <siva@tyfone.com>
To: anders.rundgren.net@gmail.com
Cc: Lu HongQian Karen <karen.lu@gemalto.com>, GALINDO Virginie
            <Virginie.Galindo@gemalto.com>, Wendy Seltzer
            <wseltzer@w3.org>, Brad Hill <hillbrad@fb.com>, Harry Halpin
            <hhalpin@w3.org>, public-web-security@w3.org
Date: 30/01/2015 08:08
Subject: Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto
            contribution



Apologies for crowding your inbox.


I realized that the document I shared that was originally created for a few
recipients did not do justice when distributed to this larger group in
acknowledging the key contributor.


I want to acknowledge Richard Barnes (Mozilla) for putting the architecture
in place as a starting point and Virginie Galindo's initial review and
support.


There is more to do and hopefully we can all work together.


Best,
Siva


On Jan 29, 2015 11:29 PM, "Siva Narendra" <siva@tyfone.com> wrote:
  (+1 for Karen's proposal, albeit the nuances have to be determined in a
  future WG.)


  Pls see attached a presentation for W3C's consideration, along similar
  lines as Karen, but perhaps more generic. It is not completely vetted,
  that of course should be after the formation of a future WG.


  Based on [1] needless to say there was unanimous interest for hardware
  security based on the workshop in Sep 2014. The unanimous interest
  becomes moderate interest based on the voting if one considers just
  individual-managed IDs (aka FIDO). Hopefully W3C will consider that the
  web standards should be built to support both new standards that enable
  individual-managed and existing standards that enable centrally-issued.


  Unless I'm mistaken, clearly there are two camps. One set of parties,
  PayPal..., that strongly feel centrally-issued identity standards (such
  as banking, payments, healthcare, citizen cards...) have absolutely NO
  place for the Web and the other set of parties, Gemalto, Tyfone,
  Mozilla..., that feel Web standards should include both centrally-issued
  as well as user-managed identity standards through a generic framework
  (see attached).


  Irrespective of where we politically/technically stand limited by each of
  our perceptions, for hardware security, it is absolutely essential for
  W3C to support both existing centrally-issued ID standards and the new
  user-managed ID standards such as FIDO.


  With all due respect, FIDO is not a "be all end all". Anything less
  than a generic framework will undermine the usefulness and the openness
  of the web when adding hardware (that needs to be manufactured &
  distributed) to secure ID, data, and transactions.


  We cannot bridge the divide between new FIDO individual-managed standards
  and well-established centrally-issued standards, unless and until we know
  who will pay for hardware and who will pay for distribution. So let's
  support all through ONE generic framework (see attached). Let the users
  pick the winners if some happen to be better than the others. Let us not
  assume users are uneducated about the tradeoffs.


  [1] http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/



  Best regards,
  Siva


  On 2015-01-29 23:50, Brad Hill wrote:


        I would like to see details of how this kind of API would or could
        interact with the Same-Origin model of web security, specifically:


        1. Privacy and tracking.  How does the presence of specific crypto
        elements and discoverable keys which are not Origin-scoped not
        create privacy violations?


        2. Origin security.  How are risks around identification of or
        impersonation of the server-side of a transaction, and potential
        abuse of a globally-scoped key mitigated by this kind of API
        design?


        Without a clear discussion of how this API fits into the existing
        Web security and threat model, I think it is inappropriate to
        proceed.  We can't just throw away the fundamental security model
        that billions of users and deployed applications depend on, and I
        see no evidence (at least in these few slides) that such issues
        have been considered by this proposal.



  +1


  I sent a bunch of similar questions privately.


  Assuming that the scheme indeed *is* SOP compliant a number of other
  questions arise such as:
  - What does this offer that U2F doesn't already have?
  - What are the thought applications for SOP-constrained certificates?


  Then I would of course be very interested in hearing how this
  specification matches the following bold statement by the W3C


               http://www.w3.org/2015/01/banker_payments.pdf



  given the fact that


               Secure AND Convenient Web Payments


  haven't really progressed the last 20 years or so.
  If you consider usage and importance also, it has actually moved in the
  *opposite* direction.


  Cheers
  Anders Rundgren



        Brad Hill


        From: Lu HongQian Karen <karen.lu@gemalto.com>
        Date: Wednesday, January 28, 2015 at 10:01 AM
        To: GALINDO Virginie <Virginie.Galindo@gemalto.com>,
        public-webcrypto@w3.org
        Cc: public-web-security@w3.org, Wendy Seltzer <wseltzer@w3.org>,
        Harry Halpin <hhalpin@w3.org>
        Subject: RE: [W3C Web Crypto WG] Rechartering discussion - Gemalto
        contribution
        Resent-From: <public-web-security@w3.org>
        Resent-Date: Wednesday, January 28, 2015 at 10:04 AM


            Please review Gemalto’s contribution. We welcome your comments.


            Regards,


            Karen


            *From:* GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
            *Sent:* Wednesday, January 07, 2015 3:48 AM
            *To:* public-webcrypto@w3.org
            *Cc:* public-web-security@w3.org; Wendy Seltzer; Harry Halpin
            *Subject:* [W3C Web Crypto WG] Rechartering discussion


            Dear all,


            Web Crypto WG charter [1] will end by the end of March. We need
        to prepare the next charter of Web Crypto.


            As a reminder, the conversation has started on this page :
        https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter



            Feel free to add your ideas and suggestions on the wiki and/or
        expose your opinion and question on the public-webcrypto@w3.org
        or public-webcrypto-comment@w3.org (for non W3C Web Crypto WG
        members).


            Regards,


            Virginie


            [1] http://www.w3.org/2011/11/webcryptography-charter.html




        ------------------------------------------------------------


            /This message and any attachments are intended solely for the
        addressees and may contain confidential information. Any
        unauthorized use or disclosure, either whole or partial, is
        prohibited.
            E-mails are susceptible to alteration. Our company shall not be
        liable for the message if altered, changed or falsified. If you are
        not the intended recipient of this message, please delete it and
        notify the sender.
            Although all reasonable efforts have been made to keep this
        transmission free from viruses, the sender will not be liable for
        damages caused by a transmitted virus./





------------------------------------------------------------
HID Global GmbH
registered office: 65396 Walluf, Germany
municipal court: Wiesbaden, Germany
commercial register number: HRB 20928
Management board: Denis Hebert, Juergen Schnoebel, Marc Bielmann

Confidentiality Note: 
This message is intended for use only by the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. Thank you.  

Received on Monday, 2 February 2015 15:30:04 UTC