Re: [liberationtech] W3C WebCrypto Last Call for Comments *today* from Eleanor Saitta on 2014-05-28 (public-webcrypto-comments@w3.org from May 2014)

From: Eleanor Saitta <ella@dymaxion.org>
Date: Wed, 28 May 2014 13:34:41 +0100
To: Anders Rundgren <anders.rundgren.net@gmail.com>, carlo von lynX <lynX@time.to.get.psyced.org>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <5385D7E1.3040907@dymaxion.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.05.28 13.21, Anders Rundgren wrote:
> Eleanor,
> 
> Yesterday I had a long tel-conference with a person representing 
> TrustedComputingGroup and secure hardware.  He claimed that 
> "Android is completely insecure" and therefore all critical 
> applications MUST run inside of the TEE.  However, few if any 
> third-party applications currently run in TEEs.  IMO, they wont do
> that in the future either.
> 
> Asking for "consensus" on anything security-ish under these 
> circumstances is simply put impossible.
> 
> Following the logic in your reasoning, you should list all the 
> algorithms that should be deprecated.  I'm not a cryptographer but
> I'm quite familiar with security protocols and that's where things
> go really wrong.  If you take a peek in the IETF-TLS list you will
> get an idea of the complexity building secure protocols.
> 
> BTW, I'm not a member of the WebCrypto WG but I mentally support 
> the work anyway.  If somebody comes up with a better mousetrap I
> don't think anybody will object :-)
> 
> There were requests fora high-level API that would hide the 
> complexity as well as always using the "best" algorithms. It was
> rejected and IMO on correct grounds because there would be endless
> discussions on how such a thing would work and in the end nobody
> would be happy anyway.

Actually, I find that when you talk to cryptographers, you get a
fairly simple list of ciphers these days.  Have you tried it?

The guy from the TrustedComputingGroup is absolutely correct, but
we're not in a position to do anything about that problem right now.

This is not an excuse to build a new platform that is insecure by
default, and no matter how much you twist and turn, you're causing
real, lasting problems here.

But hey, innovation!  Let's all innovate our users into early graves.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlOF1+EACgkQQwkE2RkM0woduQD/Tozq7DwGD52tLYFyzROMezrT
EYo7R4dZUhK8Ae01e6kBAIDsHtV4I7Wa8KQcIVD1rYWpiSOTZZmvcIkyOa1LYitR
=ndkH
-----END PGP SIGNATURE-----

Received on Wednesday, 28 May 2014 12:36:17 UTC