Re: comments on web crypto API: Side effects of a low-level API [1/6] from Ryan Sleevi on 2013-05-23 (public-webcrypto-comments@w3.org from May 2013)

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 23 May 2013 10:05:02 -0700
To: Nikos Mavrogiannopoulos <nikos.mavrogiannopoulos@esat.kuleuven.be>
Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, danny de cock <Danny.DeCock@esat.kuleuven.be>, Filipe Beato <filipe.beato@esat.kuleuven.be>
Message-ID: <CACvaWvYfdbEihem18EWXW5d6+MCcX=PH-Cc9upCXKZSWY4_yBA@mail.gmail.com>

On Thu, May 23, 2013 at 1:35 AM, Nikos Mavrogiannopoulos
<nikos.mavrogiannopoulos@esat.kuleuven.be> wrote:
> Hello,
>  Our comments on the available Web Cryptography API are given below and on
> the few next e-mails.
>
> === Side effects of a low-level API ===
> A low level API into javascript moves the notion of standards' based web
> communications security (which is now only available via the TLS protocol),
> to a web site-based communications security. Any website can advertise
> security features such as encrypted uploading of files, but a user can never
> verify whether the algorithms used are standards' based, or are correctly
> used. Most importantly he can barely verify that the algorithms are used at
> all. As it is now the API looks suitable for javascript plugins inside
> browsers or to intranet applications, but not for the public Internet.
>
> A solution to that approach would be to offer high level API to handle the
> common of the expected use cases of the low level API, and that high level
> API will use standardized protocols, implemented in the browser. For
> example:
> * An API to upload an encrypted and authenticated file
>  -> the browser uses the standardized procedure and the user is notified by
> the browser that his file will be encrypted prior to uploading
>
>
>
>

This API is not trying to replace TLS.

The discussion of high-level versus low-level has been treated at
great length in this working group - perhaps the single largest issue
after pre-provisioned keys ("supercookies"). This WG has repeatedly
asserted that we are NOT trying to provide a high-level API - that is,
the goal is to provide a suitable set of cryptographic primitives that
allow for a wide variety of protocols and applications to be
developed.

Some of these applications MAY be designed with good intention, but be
insecure. That's life. A web author can design a page that allows for
cross-site scripting or cross-site request forgery, or any number of
other insecure practices. It is explicitly NOT a design goal of this
API to try to make such things impossible, as it runs directly counter
to the goal of providing a flexible, protocol-agnostic API that allows
for richer web applications.

Received on Thursday, 23 May 2013 17:05:33 UTC