- From: Douglas Stebila <stebila@qut.edu.au>
- Date: Thu, 30 May 2013 12:50:27 +1000
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Harry Halpin <hhalpin@w3.org>
On 2013/05/30, at 12:37, Ryan Sleevi wrote: > What protection does this actually provide in the event of a MITM? I would argue none - hence why I am not terribly convinced its worth the effort. > > You're relying on JS delivered by an attacker to do the cryptographic binding to the server's cert. The attacker will simply prompt the user (...in JS) for their password, then rebind that to the "real" server's public key. > > You get absolutely zero of the security value of channel bindings in that scheme - because you are forced to trust the attacker. > > Solving the "secure delivery of code" is a non-goal of this WG. Trust TLS (which your model, by design, does not) or use SysApps (as I earlier suggested) have been the two responses so far for this problem. Which is why we deliver code as an extension that has to be installed, not via the HTML page over the channel. It could also be done as a Javascript bookmarklet, I suppose. Douglas
Received on Thursday, 30 May 2013 02:51:03 UTC