Re: comments on web crypto API: Lack of smart card support [2/6]

On Thu, May 23, 2013 at 1:40 AM, Nikos Mavrogiannopoulos
<nikos.mavrogiannopoulos@esat.kuleuven.be> wrote:
> Our reading of the API suggests that it is not sufficient to handle smart
> cards. Smart cards are widely available security tokens (citizen IDs in
> several countries are such) that allow cryptographic operations with a
> private key that is not extractable. The private key is typically PIN
> protected.

Thank you for your feedback.

Our charter clearly states that smartcards are out of scope. Please
see http://www.w3.org/2011/11/webcryptography-charter.html

"Out of scope: features including special handling directly for
non-opaque key identification schemes, access-control mechanisms
beyond the enforcement of the same-origin policy, and functions in the
API that require smartcard or other device-specific behavior."

>
> In our view what is needed to support those keys:
> * Generation:
> The generateKey should allow the specification of a location (e.g., with a
> PKCS #11 URL [0]), and it should be able to return an identifier that can be
> used to access the object.
>
> * Cloning:
> The ability to clone a key on an SC should not be assumed.

There is no requirement that key material be copyable. The Structured
Clone algorithm describes the behaviour of JavaScript objects, not the
underlying key material.

>
> * Importing:
> A way to import a named key (e.g., using a PKCS #11 URL) should be allowed
> to access a smart card key.
>
> * Exporting
> Non-extractable keys should not be expected to be exported, nor should any
> private key parameters be accessible.
>
> Note that from a user interface perspective the user should be warned by the
> browser prior to allowing any access to their smart cards by a webapp.
>
> [0]. http://tools.ietf.org/html/draft-pechanec-pkcs11uri-09

Please note that this topic has been discussed at great length in this
WG, including a variety of proposals and issues.

Our archives are public -
http://lists.w3.org/Archives/Public/public-webcrypto/ - and may prove
instructive for understanding why there are serious security and
usability issues with what you propose.

Further, short of a rechartering, I do not think it would be a
fruitful venue to continue the discussion of smart cards.

Cheers

Received on Thursday, 23 May 2013 17:09:10 UTC