comments on web crypto API: Restricting access to private keys to specific servers

Instead of restricting keys to a specific set of hosts, we propose 
cryptographically binding keys to a particular public key.

Embed a server's public key (S) in the JavaScript and associate any 
private keys that script generates with S. Those keys will be 
accessible to any server that holds the (S) key pair. This of course 
requires the server to prove to the client that it possesses the private 
key corresponding to (S). That can be done by a signature on a nonce 
provided by the client (e.g., in the HTTP headers). The servers that 
possess this key should be able to enumerate, delete and use the keys 
generated under it.

On server key compromise, a process to update the server key should be 
provided (e.g., borrowing ideas from TACK or public key pinning).