Re: Pre-provisioned Key-access Proposal - Privacy Consideration Update from Mark Watson on 2012-10-30 (public-webcrypto-comments@w3.org from October 2012)

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 30 Oct 2012 13:04:54 +0000
To: Anders Rundgren <anders.rundgren@telia.com>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <EA386C01-D54F-49B1-B361-36D8BBE313E9@netflix.com>

On Oct 30, 2012, at 1:16 PM, Anders Rundgren wrote:

> On 2012-10-30 12:13, Mark Watson wrote:
> <snip>
>>> For practical comments, I feel that the current doc is full of
>>> hand-wavey ideas that provide no guidance or actual APIs that show how
>>> many of these concepts are to work or be used. I also think that,
>>> absent formal membership, the IPR policies likely prevent this being
>>> something that the WG could adopt.
>> 
>> +1
> 
> Mark, it would be interesting hearing Netflix' take on WebCrypto access to
> pre-provisioned keys that are not bound to any particular domain.  Think credit-cards.

My +1 was to support the preference for proposals from WG members and the caution about proposals from outside, not a comment on the merits of the proposal.

I'm not well-placed to comment on credit cards. Obviously, things which make it easier and safer to use credit cards on the web are welcome,

…Mark

> 
> Anders
> 
> 
>> 
>>> 
>>>> 
>>>> I have updated the document with a privacy consideration section.
>>>> 
>>>> The scheme offers no privacy silver bullet but maybe a "workable solution".
>>>> 
>>>> A generic Web Crypto issue seems to be that either you end-up with a standardized "key-picker" (probably pretty difficult to define) which would mark the selected key as usable by the application to use with the Web Crypto API, or you leave this responsibility to the [presumably well-written] application.   The described solution bets on the latter because this is much more flexible and may even turn out to be a prerequisite for market acceptance.  However, this introduces a potential privacy risk, since there's no platform-provided protection against key "misuse".
>>>> 
>>>> BTW, I have recently been experimenting with the extension-scheme used by for example Google to access the Android Play-store which is based on stand-alone handlers for unique protocols like "market://".  This is a strong challenger to Web Crypto solutions for pre-provisioned keys.  This scheme also fits quite nicely with the described solution.
>>>> 
>>>> -- Anders
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
>

Received on Tuesday, 30 October 2012 13:05:33 UTC