
SOP Exception versus Key-based Domain Labels

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 21 Dec 2013 04:51:19 +0100
Message-ID: <52B51037.4010504@gmail.com>
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Dear List,

Mountie and Nick have independently of each other proposed SOP exceptions managed by
the _user_ as a solution for facilitating access to non-origin-bound pre-provisioned keys.

At first sight this appears to be a viable solution.  A deeper dive into this topic reveals
a few snags, such as the fact that the browser will have to offer _all_ certificates for the [poor]
user to select from.  This will only work satisfactorily if we had this one ID that everybody
trusts/accepts, which is a restriction that doesn't fit particularly well in a _standard_.

I have said it before and I say it again [things become more true when repeated, right? ;-)]:
It is the _key_ that should do the initial filtering (which indirectly already is the case in WebCrypto)
because no serious issuers would accept _arbitrary_web_code_ accessing their keys.  The latter
would be like inviting skimming of credit-cards in fake payment terminals.

The user _may_ (depending on the implementation) further restrict access, but then from a
much more reasonable selection (only the keys that actually match the RP's need).

In a WebCrypto world it would mean that a pre-provisioned key as a minimum should
have a _domain_label_ which in an X.509 use-case typically would be put in an extension.

Leaving the somewhat crippling domain sand-box can be performed through _postMessage()_
arrangements, but this decision is still in the hands of the issuer.

Anders
Received on Saturday, 21 December 2013 03:52:09 UTC
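The two selection models contrasted in the post, as an added example that is not code from the post or from the WebCrypto API: a user-managed SOP exception offers every pre-provisioned key, while an issuer-set domain label lets the key itself do the initial filtering before the user picks. It assumes (not stated in the post) that a domain label is an https origin string and that matching is an exact origin comparison.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ProvisionedKey:
    """A pre-provisioned key plus the origins its issuer labelled it for."""
    key_id: str
    issuer: str
    domain_labels: tuple  # origins the issuer put into the credential (assumed format)


def normalize_origin(value: str) -> str:
    """Reduce a URL or origin to a canonical https origin.

    Assumption (not from the post): labels are compared as exact https
    origins, with the host case-folded and the default port 443 dropped.
    """
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https origin: {value!r}")
    host = parts.hostname.lower()
    port = parts.port or 443
    return f"https://{host}" if port == 443 else f"https://{host}:{port}"


def sop_exception_offer(keys, rp_url):
    """User-managed SOP exception: the browser has no basis for filtering,
    so every pre-provisioned key is offered and the user has to choose."""
    return list(keys)


def key_label_filter(keys, rp_url):
    """Issuer-controlled filtering: only keys whose domain label matches the
    relying party's origin become candidates for the user to choose from."""
    rp_origin = normalize_origin(rp_url)
    return [k for k in keys
            if any(normalize_origin(label) == rp_origin for label in k.domain_labels)]


# Constructed sample keys; the issuers and origins are placeholders, not real credentials.
KEYS = (
    ProvisionedKey("bank-eid-1", "Example Bank", ("https://bank.example",)),
    ProvisionedKey("tax-eid-2", "Tax Agency", ("https://Tax.Example:443/",)),
    ProvisionedKey("card-3", "Card Issuer", ("https://shop.example", "https://pay.example:8443")),
)

if __name__ == "__main__":
    rp = "https://tax.example/login"
    print("SOP exception offers:", [k.key_id for k in sop_exception_offer(KEYS, rp)])
    print("Key-label filter offers:", [k.key_id for k in key_label_filter(KEYS, rp)])
```

Running it shows the SOP exception handing all three keys to the user for a tax-agency login, while the label filter narrows the choice to the one key the issuer labelled for that origin.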
