
Re: Security use cases for packaging

From: Deian Stefan <deian@cs.stanford.edu>
Date: Thu, 29 Jan 2015 16:54:01 -0800
To: Brad Hill <hillbrad@gmail.com>, Yan Zhu <yzhu@yahoo-inc.com>, Chris Palmer <palmer@google.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <87y4ol9jh2.fsf@cs.stanford.edu>


Brad Hill <hillbrad@gmail.com> writes:

> Paging (future Dr.) Deian Stefan to the ER...
>
> Any thoughts on using COWL for this kind of thing, with a pinned crypto key
> as a confinement label to be combined with the regular Origin label?


Thanks for paging me! I've thought about something like this---providing
some form of code integrity---in the context of COWL as well.

The idea was to grant a worker the privilege corresponding to the (hash
of the) source, in addition to its origin. This would allow a server to
verify if the code it is communicating with is trustworthy.
(COWL labels are not limited to origins.)

I really like Yan's use case. And I think it fits in pretty naturally
with COWL: the app, if verification succeeds, can be granted the
privilege corresponding to the (hash of the) crypto key:
Privilege(https://cryptomail.yahoo.com).and(app-key:...).
Other code from the same origin would only have Privilege(https://cryptomail.yahoo.com).

I think this may partly address Chris and Dev's concerns. But deciding
when not to run the app code is still a question. Though I think the
GitHub issue already brings this up.

Deian
Received on Friday, 30 January 2015 00:54:31 UTC
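
A minimal model of the privilege assignment described in the message above, as an added example that is not part of the original post and does not use COWL's own API. The `Privilege` class, `keyPrincipal`, `privilegeFor`, the choice of SHA-256 for the key hash and an Ed25519 signature check as the "verification" step are all assumptions made for illustration; the key pair and package contents are constructed.

```javascript
// Added model, not COWL's API: a privilege is a conjunction (set) of principals.
const crypto = require("crypto");

const ORIGIN = "https://cryptomail.yahoo.com"; // origin named in the post

// Assumed naming: "app-key:" + SHA-256 of the DER-encoded pinned public key.
function keyPrincipal(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return "app-key:" + crypto.createHash("sha256").update(der).digest("hex");
}

class Privilege {
  constructor(principals) { this.principals = new Set(principals); }
  and(principal) { return new Privilege([...this.principals, principal]); }
  // A conjunctive label is covered only if every principal in it is held.
  covers(label) { return label.every((p) => this.principals.has(p)); }
}

// Every script from the origin gets the origin privilege; the key principal is
// added only when the package signature verifies against the pinned key.
function privilegeFor(pkg, pinnedKey) {
  const base = new Privilege([ORIGIN]);
  const verified = crypto.verify(null, pkg.bytes, pinnedKey, pkg.signature);
  return verified ? base.and(keyPrincipal(pinnedKey)) : base;
}

// Constructed sample: a throwaway Ed25519 key pair and two packages.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const bytes = Buffer.from("constructed package contents");
  const signature = crypto.sign(null, bytes, privateKey);
  const signed = { bytes, signature };
  const modified = { bytes: Buffer.from("constructed contents, altered"), signature };

  // Data meant only for the verified app carries both principals.
  const mailLabel = [ORIGIN, keyPrincipal(publicKey)];
  return {
    verifiedAppReads: privilegeFor(signed, publicKey).covers(mailLabel),
    otherCodeReads: privilegeFor(modified, publicKey).covers(mailLabel),
    otherCodeHasOrigin: privilegeFor(modified, publicKey).covers([ORIGIN]),
  };
}
```

Code whose package fails verification still holds the origin privilege, so origin-labeled data stays readable to it; only data labeled with both principals is withheld.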
