- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 4 Feb 2015 16:30:23 -0800
- To: David Leon Gil <coruus@gmail.com>
- Cc: Billy Simon Chaves <b.simon@hermes-soft.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Siva Narendra <siva@tyfone.com>, Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>
On Wed, Feb 4, 2015 at 4:11 PM, David Leon Gil <coruus@gmail.com> wrote:

> So, a nit I have with WebCrypto/whatever at the moment, related to this issue.
>
> If I want to make a webapp that stores unextractable keys, I can store
> them in IndexedDB. A browser can implement IndexedDB by providing a
> store that is, e.g., a Sqlite3 database on disk. With all of these
> "unextractable" keys stored in plaintext.

The spec is explicitly clear that this is a valid implementation strategy, although not required of implementors.

> Every browser, however, does have an internal keystore

False. No specification requires this of Web Browsers. What some browsers do (and again, not all of them do this) is not the same as all browsers.

> (e.g., for
> passwords). And (some of them) use the best available protection their
> platform provides to protect entries in it.

And that protection varies by platform to a considerable extent, thus providing zero effective guarantees to a Web developer, short of coding platform-specific logic in the Web - which is, of course, exactly what the Web shouldn't do - or by requiring all platforms accessing the Web to have some degree of restricted control capabilities that quickly borderlines on Trusted Computing.

> I'd be happy if I could just store one entry in that keystore: A KEK
> to wrap all of the keys when they're at rest.
>
> But right now, as far as I know, I can't.
>
> - dlg

Correct. That is by design.
Received on Thursday, 5 February 2015 00:31:41 UTC