Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution from Ryan Sleevi on 2015-02-03 (public-web-security@w3.org from February 2015)

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 3 Feb 2015 02:53:59 -0800
To: Rigo Wenning <rigo@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Lu HongQian Karen <karen.lu@gemalto.com>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, Harry Halpin <hhalpin@w3.org>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>, Siva Narendra <siva@tyfone.com>, public-web-security@w3.org, Brad Hill <hillbrad@fb.com>
Message-ID: <CACvaWvZkPamq5Z_bdAPg45ZrjB6QrFfC=oeMv+VXOzg4JTtmfg@mail.gmail.com>

On Feb 3, 2015 2:36 AM, "Rigo Wenning" <rigo@w3.org> wrote:
>
> Just a question, how would the webcrypto system connect to systems like
the
> German passport with its eID functions? Would they have to conform to
FIDO to
> be able to connect into the browser?
>
>  --Rigo

This is the crux of the question, isn't it? On one hand, we have vocal
people who would like to bring such legacy, insecure systems to the web. On
the other, you have those arguing that any new system exposed to the web
must respect the foundations of web technologies - ranging from the
priority of constituencies to the origin-based security model.

I know of zero eID schemes that properly preserve privacy - and that is
including PIV's notion of derived credentials - and so if the question is
"Can we bring these, as-is, to the web", then the answer is and should be a
resounding no.

That is fundamentally the tension of the discussion here - who has to
change and bend. I consider any solution that requires weakening the web
model for security, privacy, or user control to be unacceptable - no legacy
technology is worth such a dastardly trade-off.

Received on Tuesday, 3 February 2015 10:56:35 UTC