RE: Comments on last call from Ryan Sleevi on 2014-05-05 (public-webcrypto-comments@w3.org from May 2014)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 5 May 2014 07:31:29 -0700
To: Rich Salz <rsalz@akamai.com>
Cc: public-webcrypto-comments@w3.org, GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Message-ID: <CACvaWvbv1ECMH9sOC9iNEXc5Nw12U=yn-uJQ5pYOGz7YzOoaaA@mail.gmail.com>

On May 5, 2014 7:26 AM, "Salz, Rich" <rsalz@akamai.com> wrote:
>
> Ø  As has been discussed - repeatedly - you can't programatically
separate the algorithms into two (or more) namespaces, because once
shipped, you can *never* migrate between them, as such migrations are
inherently breaking API changes.
>
> First of all, it’s a one-way path.  Once something becomes broken or
weak, it never moves out of that category.
>
>
>
> Second, the suggestion is to make second-class citizens, from the very
beginning out of those things that we know should be second-class.  Since
you are not (yet?) able to provide guidance on what to avoid, then make the
names used in the code provide that guidance.  JS has exceptions and when
bad crypto is no longer supported as a first-class part of the API, then
code that needs to use them can do catch the exception and try the other
namespace. Defining that namespace in your base document will increase
interoperability in the face of a changing crypto world.
>
>

That is still a fundamentally broken API.

All it does is result in the exact same behaviour you seem to think it will
avoid - every developer will follow that exact same pattern for every
algorithm. Those that don't, it is still a breaking change for the web -
since example.com was working fine with My Awesome Browser v23, but now
suddenly stops working in My Awesome Browser v24, because its complaining
about uncaught exceptions.

Practically speaking, your proposal is worthless for accomplishing its
goals of security. The group did indeed discuss this at length, and
thoroughly established that it provides no benefits.

>
> As for a UA asking for additional confirmation, what might that look
like?  “The createSignedBlob applet is asking to use AES in CBC mode, which
is known to be weak; see http://iacr.org/preprints/.... For details.
Proceed or Cancel.”  Really?
>

Strawmen are very easy to argue against, but neither productive nor
constructive towards doing so.

>
>
>                 /r$
>
>
>
> --
>
> Principal Security Engineer
>
> Akamai Technologies, Cambridge, MA
>
> IM: rsalz@jabber.me; Twitter: RichSalz
>
>

Received on Monday, 5 May 2014 14:31:56 UTC