- From: Richard Barnes <rbarnes@bbn.com>
- Date: Fri, 22 Mar 2013 19:24:33 -0400
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Aymeric Vitte <vitteaymeric@gmail.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
It sounds like what Aymeric is concerned about is like FireSheep. -- SafeBank uses WebCrypto to sign/encrypt transactions, so it doesn't think it needs TLS. -- John logs into his SafeBank account at Starbucks -- Jane injects malicious JS into John's plain HTTP traffic. -- Jane's malicious JS decrypts John's SafeBank session and sends it to Jane's secret lair The upshot of which seems to be: You should pretty much never use WebCrypto without TLS. Without thinking too hard about it, it seems like there are some cases where HTTP usage might be safe (e.g., just using digest()), but not many. This might also be a good opportunity to look at intersections with WebAppSec / CSP, and any recommendations we might want to make for those settings. --Richard On Mar 22, 2013, at 7:15 PM, Ryan Sleevi <sleevi@google.com> wrote: > Aymeric, > > I'm sorry, your responses do not make any sense. > > Your original attack stated "John leaves 5mn to see the postman" and "jane inserts from his webconsole an iframe" > > I described to you why physical attacks are out of scope. > > You've now suggested twice you're not describing physical attacks, even though you explicitly did. If you're going to keep moving the goal posts and changing the attack, I'm afraid we cannot have a productive discussion of the risk model. > > If a site is not using SSL/TLS, but instead rolling its own crypto, then I'm sorry, but that cannot be dealt with in any reasonable way, because it entirely breaks the same-origin-policy that is essential to modern web security. While I'm sure novel, clever, amusing, and any number of platitudes, the one that is missing is "secure", and so we should not pretend it's a security risk to do something knowingly insecure. > > > > On Fri, Mar 22, 2013 at 4:12 PM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: > I thought that by "physical access" you meant that Jane can access John's computer. > > But probably you mean that she intercepts John's connection. She does not need to do so, she could get John's messages from his computer (wireshark or other if no SSL/TLS for the site). > > Again, unlikely but possible, because if the site relies on its own secure system, it might not use SSL/TLS. > > Regards, > Le 22/03/2013 23:45, Ryan Sleevi a écrit : >> I'm not sure what you mean - Jane's "use of web console" is a physical access attack. >> >> >> On Fri, Mar 22, 2013 at 3:42 PM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: >> That's a different version of Jane's attack (from web console, then physical access) against John described in WebCrypto Use Cases. >> >> More difficult and more unlikely, but maybe not if we go outside of John/Jane's simple context. >> >> Then maybe it should be referenced somewhere. >> >> Regards, >> >> Le 22/03/2013 19:48, Ryan Sleevi a écrit : >>> Physical access attacks MUST remain out of scope of this work. >>> >>> >>> On Fri, Mar 22, 2013 at 11:12 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote: >>> Tricky, difficult or completely unlikely but maybe possible : Use Case, John and Jane, Jane does not leave John but wants to spy him, sometimes she uses his computer then knows how to access it, while John is visiting the social site he leaves 5mn to see the postman, she inserts from his web console an iframe in the page (jane.com) and sends a postMessage with John's keys to the iframe which "stores" (ie references the underlying data) the keys in jane.com's indexedDB. She intercepts John's connexion and decrypt messages with John's computer when he is out reinjecting messages using jane.com. >>> >>> Usually this will not work because outside origin iframes can not access indexedDB, but indexedDB spec just says : User agents MAY restrict access... >>> >>> Regards, >>> >>> -- >>> jCore >>> Email : avitte@jcore.fr >>> iAnonym : http://www.ianonym.com >>> node-Tor : https://www.github.com/Ayms/node-Tor >>> GitHub : https://www.github.com/Ayms >>> Web : www.jcore.fr >>> Webble : www.webble.it >>> Extract Widget Mobile : www.extractwidget.com >>> BlimpMe! : www.blimpme.com >>> >>> >>> >> >> -- >> jCore >> Email : >> avitte@jcore.fr >> >> iAnonym : >> http://www.ianonym.com >> >> node-Tor : >> https://www.github.com/Ayms/node-Tor >> >> GitHub : >> https://www.github.com/Ayms >> >> Web : >> www.jcore.fr >> >> Webble : >> www.webble.it >> >> Extract Widget Mobile : >> www.extractwidget.com >> >> BlimpMe! : >> www.blimpme.com >> > > -- > jCore > Email : > avitte@jcore.fr > > iAnonym : > http://www.ianonym.com > > node-Tor : > https://www.github.com/Ayms/node-Tor > > GitHub : > https://www.github.com/Ayms > > Web : > www.jcore.fr > > Webble : > www.webble.it > > Extract Widget Mobile : > www.extractwidget.com > > BlimpMe! : > www.blimpme.com >
Received on Friday, 22 March 2013 23:25:02 UTC