Re: [liberationtech] W3C WebCrypto Last Call for Comments *today*

On 2014-05-28 14:34, Eleanor Saitta wrote:
> On 2014.05.28 13.21, Anders Rundgren wrote:
>> Eleanor,
>>
>> Yesterday I had a long tel-conference with a person representing
>> TrustedComputingGroup and secure hardware.  He claimed that
>> "Android is completely insecure" and therefore all critical
>> applications MUST run inside of the TEE.  However, few if any
>> third-party applications currently run in TEEs.  IMO, they won't do
>> that in the future either.
>>
>> Asking for "consensus" on anything security-ish under these
>> circumstances is, simply put, impossible.
>>
>> Following the logic in your reasoning, you should list all the
>> algorithms that should be deprecated.  I'm not a cryptographer but
>> I'm quite familiar with security protocols and that's where things
>> go really wrong.  If you take a peek in the IETF-TLS list you will
>> get an idea of the complexity of building secure protocols.
>>
>> BTW, I'm not a member of the WebCrypto WG but I mentally support
>> the work anyway.  If somebody comes up with a better mousetrap I
>> don't think anybody will object :-)
>>
>> There were requests for a high-level API that would hide the
>> complexity as well as always using the "best" algorithms. It was
>> rejected and IMO on correct grounds because there would be endless
>> discussions on how such a thing would work and in the end nobody
>> would be happy anyway.
>
> Actually, I find that when you talk to cryptographers, you get a
> fairly simple list of ciphers these days.  Have you tried it?

No, I haven't, but there is plenty of cryptographic knowledge within
the WebCrypto WG.

Anyway, you don't have to go further than P256 to get a bunch of
different answers including that it contains an NSA backdoor or
that it is intrinsically unsafe.

So the list of endorsed algorithms would probably be *very* short :-)

>
> The guy from the TrustedComputingGroup is absolutely correct, but
> we're not in a position to do anything about that problem right now.

This scheme is also in Last Call and represents my line of work.


> This is not an excuse to build a new platform that is insecure by
> default, and no matter how much you twist and turn, you're causing
> real, lasting problems here.

This is no different than operating systems allowing naive users to
install [essentially] arbitrary software.  By default insecure.

I would say that WebCrypto introduces far fewer problems because it
assumes that the developer actually *is* proficient in creating secure
applications (which BTW is much bigger scope than crypto-algorithms).

    "By web-security experts for usage by web-security professionals".


> But hey, innovation!  Let's all innovate our users into early graves.

Most developers who are confronted with technology they don't really
understand are likely to fail anyway.  The smarter ones turn to sites
like "stackoverflow" for advice.  I do it all the time :-)

Since you have already (indirectly) rejected the Android OS, your best
option may be hanging with Von Lynx and creating a platform from scratch.

An even cooler possibility would be writing "WebCrypto for Dummies".

Anders

>
> E.
>
> --
> Ideas are my favorite toys.

Received on Wednesday, 28 May 2014 13:19:37 UTC