- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 12 Mar 2015 16:38:06 +0100
- To: Herve SIBERT <herve.sibert@st.com>, Harry Halpin <hhalpin@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>
- CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>

On 2015-03-12 08:06, Herve SIBERT wrote:
> Indeed, there seems to always be the assumption that the user-agent is secure and
> not compromised - and starting from that FIDO might be the cleanest possible design -
> but I don't see the perspective being on how to make internet usage more secure even
> if the user-agent is compromised, although there are technologies that will help if
> only they are brought to the open web.
> Is there a principle in W3C that states that the user-agent not being compromised is
> always the assumption? (maybe it's part of the "Web security principles"?)

Hi Herve,

Since the concept ("Trusted Code") has quite different meanings in different contexts, I will try to explain this in a more practical way, adapted for this particular context.

Assume you are to pay on the web using a virtual or actual "Carte Bancaire". You would after checkout and payment method selection be confronted by something like the following:
https://openkeystore.googlecode.com/svn/wcpp-payment-demo/trunk/docs/messages.html#UserAuthorizesTransaction

In a brick-and-mortar shop such a dialog would take place in a dedicated Payment Terminal which is the only device directly accessing the card, asking the user for a PIN and showing the amount etc.

I don't see that this principle could or should change because the merchant is web-based. That is, the code for the payment dialog cannot be provided by the merchant.

So the question I raised is simply: How do we solve this problem?

AFAICT, the same considerations apply to essentially every smart card use-case.

Cheers,
Anders

>
> Cheers
> Hervé
>
> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
> Sent: jeudi 12 mars 2015 07:41
> To: Harry Halpin; public-web-security@w3.org; public-webcrypto-comments@w3.org
> Cc: GALINDO Virginie; Wendy Seltzer
> Subject: Re: [Web Crypto WG] draft Web Crypto WG charter : for your review and comments
>
> Hi,
>
> Existing smart-card-using applications ranging from Windows login, SIM-cards in phones, EMV-cards in payment terminals, HTTPS Client Certificate Authentication in browsers, to the [now deprecated] custom signature browser-plugins, all share a common characteristic:
> The smart card is accessed by "Trusted Code" which also holds associated UI.
>
> Since the "Open Web" doesn't support this concept (transient web-code is by definition untrusted), it is not possible to continue without first having a firm plan on how to deal with "Trusted Code".
>
> Sincerely,
> Anders Rundgren
> Principal,
> WebPKI.org

Received on Thursday, 12 March 2015 15:38:53 UTC