- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 21 Dec 2013 04:51:19 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Dear List,

Mountie and Nick have independently of each other proposed SOP exceptions managed by the _user_ as a solution for facilitating access to non-origin-bound pre-provisioned keys.

At first sight this appears to be a viable solution. A deeper dive into this topic reveals a few snags, such as the fact that the browser will have to offer _all_ certificates for the [poor] user to select from. This will only work satisfactorily if we had this one ID that everybody trusts/accepts, which is a restriction that doesn't fit particularly well in a _standard_.

I have said it before and I say it again [things become more true when repeated, right? ;-)]: It is the _key_ that should do the initial filtering (which indirectly already is the case in WebCrypto), because no serious issuers would accept _arbitrary_web_code_ accessing their keys. The latter would be like inviting skimming of credit-cards in fake payment terminals. The user _may_ (depending on the implementation) further restrict access, but then from a much more reasonable selection (only the keys that actually match the RP's need).

In a WebCrypto world it would mean that a pre-provisioned key as a minimum should have a _domain_label_, which in an X.509 use-case typically would be put in an extension. Leaving the somewhat crippling domain sand-box can be performed through _postMessage ()_ arrangements, but this decision is still in the hands of the issuer.

Anders
Received on Saturday, 21 December 2013 03:52:09 UTC
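The key-side filtering argued for in the mail, modelled as an added example (it is not code from the mail, from WebCrypto or from any browser): the domain label is a plain field standing in for the X.509 extension the author mentions, and the key records and origins are constructed sample data.

```python
"""Model of issuer-controlled key filtering: each pre-provisioned key carries a
domain label (a plain field here, standing in for an X.509 extension), and only
keys whose label names the requesting origin are ever offered to the user.
The key store and origins below are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ProvisionedKey:
    key_id: str
    subject: str
    domain_label: Optional[str]  # None models a legacy certificate without the label


def normalize_origin(url: str) -> str:
    """Reduce a URL or origin string to scheme://host[:port], dropping default ports."""
    parts = urlsplit(url)
    if parts.scheme not in ("https", "http") or not parts.hostname:
        raise ValueError(f"unsupported origin: {url!r}")
    host, port = parts.hostname.lower(), parts.port
    default = {"https": 443, "http": 80}[parts.scheme]
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def keys_for_origin(store: List[ProvisionedKey], requesting_origin: str) -> List[ProvisionedKey]:
    """Initial filter done by the key, not the user: a key is a candidate only when
    its label names the caller's origin. Unlabelled keys are never exposed to web
    code, so arbitrary pages (and any user dialog) see an empty candidate list."""
    origin = normalize_origin(requesting_origin)
    return [k for k in store
            if k.domain_label is not None and normalize_origin(k.domain_label) == origin]


def user_selects(candidates: List[ProvisionedKey], chosen_key_id: str) -> Optional[ProvisionedKey]:
    """The optional user step can only pick among the already-filtered candidates."""
    return next((k for k in candidates if k.key_id == chosen_key_id), None)


# Constructed sample store: two issuers with labels plus one unlabelled legacy certificate.
STORE = [
    ProvisionedKey("k1", "CN=Alice, O=Bank A", "https://bank-a.example"),
    ProvisionedKey("k2", "CN=Alice, O=Bank B", "https://bank-b.example:443"),
    ProvisionedKey("k3", "CN=Alice, O=Old CA", None),
]

if __name__ == "__main__":
    print([k.key_id for k in keys_for_origin(STORE, "https://BANK-B.example/pay")])  # ['k2']
    print(keys_for_origin(STORE, "https://unrelated.example"))  # []
```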