- From: Lyor Goldstein <lgoldstein@vmware.com>
- Date: Mon, 3 Mar 2014 22:36:46 -0800 (PST)
- To: <public-webcrypto-comments@w3.org>
> > What prevents the attacker from directing the client JS to sign
> > the original server's certificate chain in script (eg: using RSASSA)?

Nothing of course - the attacker would have to inspect and modify the javascript on the fly - which isn’t an easy task if we apply some obfuscation techniques (and before anyone says "obscurity is not security" - I totally agree, but would also like to quote that "security is not a solution but a process"). In principle I totally agree with the general statement that "I do not believe WebCrypto can or should try to prevent MITM", but on the other hand let's not make it too easy for MITMs...

> > And before anyone says "Use what you show in the UI for the lock",
> > this fundamentally ignores the use case of why you want to bind to the
> > cert - and how you can fundamentally subvert it.

I do not claim it solves the whole MITM issue, but using what is shown in the UI for the lock is (IMO) a small step forward.

Furthermore, even leaving the MITM issue aside, why shouldn't javascript have access to the data shown in the UI for the lock? I concede that I cannot show a compelling use case why this must be done, but my instinct as a developer tells me that it may be a useful feature for other purposes besides security. I admit that since I do not know how much effort it would involve to add this feature it may require some compelling reason to mandate it, but if on the other hand it is simple enough I believe it may provide useful functionality in the future that we currently cannot foresee ("build it and they will come" :-))

Received on Tuesday, 4 March 2014 06:37:16 UTC