- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 12 Oct 2012 05:30:33 +0200
- To: Harry Halpin <hhalpin@w3.org>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>
On 2012-10-11 22:16, Harry Halpin wrote:
> On 10/11/2012 04:46 PM, Anders Rundgren wrote:
>> Given the somewhat hard-to-follow discussions on the public-webcrypto list, I think the time has come to outline how applications like the subject line should be architected and what kind of vulnerabilities they would have (in contrast to statically installed applications).
>>
>> I would also like to see a concrete proposal for accessing existing keys based on system-wide cryptographic sub-systems like featured in Windows and Android.
>>
>> Although Ryan is the lead editor, it can hardly be his task to do all the work or respond to every question, right?
>
> No, any WG member can respond, although it is the job of the editors to
> make sure that comments are taken care of in the spec if the WG gets
> consensus to tackle the issue and the issue is not out of scope as
> regards the charter.
>
> If you would like to see a concrete proposal, I suggest you write it
> yourself. I'm sure the WG would be very happy to see it.

Dear Harry,

I have already provided a concrete proposal on the comment list:
http://webpki.org/papers/PKI/pki-webcrypto.pdf

It describes pretty well (I hope...) a *security and trust model for pre-provisioned keys* of the type that I believe are most relevant for "Signed high-value transactions".

The scheme departs considerably from the origin-based concept but that is not only a drawback because it is equally applicable to transient web-code as to explicitly installed applications including iOS/Android/WP "apps".

The proposal also highlights a fundamental issue regarding keys as "personal" resources which IMO have a huge impact on the rest: Do we maybe need two different trust models?

The WG has yet to gather all the divergent comments on the mailing list and make something useful of it with respect to pre-provisioned keys of the kind represented by the "Korean Use-case".

It would for example be quite interesting hearing what Microsoft or Gemalto believe is the right approach for dealing with pre-provisioned keys in a web-application using Web Crypto.

Cheers,
Anders

> cheers,
> harry
>
>> Anders
Received on Friday, 12 October 2012 03:31:05 UTC