Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

(+1 for Karen's proposal, albeit the nuances have to be determined in a
future WG.)

Pls see attached a presentation for W3C's consideration, along similar
lines as Karen, but perhaps more generic. It is not completely vetted, that
of course should be after the formation of a future WG.

Based on [1] needless to say there was unanimous interest for hardware
security based on the workshop in Sep 2014. The unanimous interest becomes
moderate interest based on the voting if one considers just
individual-managed IDs (aka FIDO). Hopefully W3C will consider that the web
standards should be built to support both new standards that enable
individual-managed and existing standards that enable centrally-issued.

Unless I'm mistaken, clearly there are two camps. One set of parties,
PayPal..., that strongly feel centrally-issued identity standards (such as
banking, payments, healthcare, citizen cards...) have absolutely NO place
for the Web and the other set of parties, Gemalto, Tyfone, Mozilla...,
that feels Web standards should include both centrally-issued as well as
user-managed identity standards through a generic framework (see attached).

Irrespective of where we politically/technically stand limited by each of
our perceptions, for hardware security, it is absolutely essential for W3C
to support both existing centrally-issued ID standards and the new
user-managed ID standards such as FIDO.

With all due respect, FIDO is not a "be all end all". Anything less
than a generic framework will undermine the usefulness and the openness of
the web when adding hardware (that needs to be manufactured & distributed) to
secure ID, data, and transactions.

We cannot bridge the divide between new FIDO individual-managed standards
and well-established centrally-issued standards, unless and until we know
who will pay for hardware and who will pay for distribution. So let's
support all through ONE generic framework (see attached). Let the users
pick the winners if some happen to be better than the others. Let us not
assume users are uneducated about the tradeoffs.

[1] http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/

Best regards,
Siva

On 2015-01-29 23:50, Brad Hill wrote:

I would like to see details of how this kind of API would or could interact
with the Same-Origin model of web security, specifically:

1. Privacy and tracking. How does the presence of specific crypto
elements and discoverable keys which are not Origin-scoped not create
privacy violations?

2. Origin security. How are risks around identification of or
impersonation of the server-side of a transaction, and potential abuse of a
globally-scoped key mitigated by this kind of API design?

Without a clear discussion of how this API fits into the existing Web
security and threat model, I think it is inappropriate to proceed.  We
can't just throw away the fundamental security model that billions of users
and deployed applications depend on, and I see no evidence (at least in
these few slides) that such issues have been considered by this proposal.


+1

I sent a bunch of similar questions privately.

Assuming that the scheme indeed *is* SOP compliant a number of other
questions arise such as:
- What does this offer that U2F doesn't already have?
- What are the thought applications for SOP-constrained certificates?

Then I would of course be very interested in hearing how this specification
matches the following bold statement by the W3C

             http://www.w3.org/2015/01/banker_payments.pdf

given the fact that

             Secure AND Convenient Web Payments

haven't really progressed the last 20 years or so.
If you consider usage and importance also, it has actually moved in the
*opposite* direction.

Cheers
Anders Rundgren


Brad Hill

From: Lu HongQian Karen <karen.lu@gemalto.com>
Date: Wednesday, January 28, 2015 at 10:01 AM
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Harry Halpin <hhalpin@w3.org>
Subject: RE: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution
Resent-From: <public-web-security@w3.org>
Resent-Date: Wednesday, January 28, 2015 at 10:04 AM

    Please review Gemalto’s contribution. We welcome your comments.

    Regards,

    Karen

    *From:* GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
    *Sent:* Wednesday, January 07, 2015 3:48 AM
    *To:* public-webcrypto@w3.org
    *Cc:* public-web-security@w3.org; Wendy Seltzer; Harry Halpin
    *Subject:* [W3C Web Crypto WG] Rechartering discussion

    Dear all,

    Web Crypto WG charter [1] will end by the end of March. We need to
prepare the next charter of Web Crypto.

    As a reminder, the conversation has started on this page:
https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter

    Feel free to add your ideas and suggestions on the wiki and/or expose
your opinion and question on the public-webcrypto@w3.org or
public-webcrypto-comment@w3.org (for non W3C Web Crypto WG members).

    Regards,

    Virginie

    [1] http://www.w3.org/2011/11/webcryptography-charter.html


----------------------------------------------------------------------

    /This message and any attachments are intended solely for the
addressees and may contain confidential information. Any unauthorized use
or disclosure, either whole or partial, is prohibited.
    E-mails are susceptible to alteration. Our company shall not be liable
for the message if altered, changed or falsified. If you are not the
intended recipient of this message, please delete it and notify the sender.
    Although all reasonable efforts have been made to keep this
transmission free from viruses, the sender will not be liable for damages
caused by a transmitted virus./


Received on Friday, 30 January 2015 07:29:37 UTC