- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 11 Feb 2014 07:23:38 +0100
- To: Mountie Lee <mountie@paygate.net>, ์กฐ์๋ <sangrae@etri.re.kr>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0036.html "Mountie and Sangrae mentioned their needs for 1) clarifying the key storage definition (currently left to the implementers in the specification) and 2) allowing the scenario of a site A delivering a key to be used by a site B (also known as exception to the same origin policy). In that case, it is expected that the user would be in charge of accepting this exception" 1) This is a core WebCrypto feature and cannot be changed without going back to square #1. 2) This is not comparable to a user accepting site B, it is the user granting site B UNRESTRICTED CODE ACCESS to a key issued by site A. Q1: Why would site A (like a bank or national CA) accept such an arrangement? Q2: When site B issues a crypto.subtle.sign ({name: "RSASSA-PKCS1-v1_5", hash: {name:"SHA-256"}}, siteA_privKey, data).then ... what is the UA supposed to do then? Note: current implementations do not bring up a GUI here. That is, this model presumes that (the for site A possibly unknown) site B is "good" and that the user knows that. As a local solution in Korea it may work, as an Internet-scale standard it does not. Regarding CMP: We still haven't any information on how keys enrolled through the CMP scheme showcased in Shenzhen relates to WebCrypto. My guess is that they are entirely unrelated which means that this is rather a challenger to <keygen> & friends. Unfortunately I don't see that CMP brings much value to the table compared to <keygen>. Revocation? Issuers do not permit end-users to directly revoke credentials. It is a management operation. Consider these scenarios: - Token loss: How can you through cryptographic methods revoke a key when you actually have lost it? - User terminating the service: Wouldn't revocation (if needed) rather be performed by the subscription service? Renewals then? Well, CMP can do that but not in a way that can work for end-users. CMP was designed for PKI administrators. Security? It is unclear to me what CMP could possibly do here which <keygen> doesn't already do. I don't enjoy being a royal PITA, I'm actually trying (hard) to get you (back) on track |-: Cheers Anders
Received on Tuesday, 11 February 2014 06:24:11 UTC