W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > June 2015

Re: Will the WebCrypto API allow discovery/enumeration of certificates?

From: Ryan Sleevi <sleevi@google.com>
Date: Wed, 24 Jun 2015 23:57:31 -0700
Message-ID: <CACvaWvabZCTtjoG4jRCbeEysH2pTP4sXj_EDrAy4Dy4p2TYGCg@mail.gmail.com>
To: Billy Simon Chaves <b.simon@hermes-soft.com>
Cc: Jeffrey Walton <noloader@gmail.com>, WebCrypto Comments <public-webcrypto-comments@w3.org>
Billy,

I'm a bit surprised that you mentioned your countries CA, but then don't
see the privacy implications. I'm not familiar with Costa Rica's eID
scheme, but under much of the eIDAS regulation in the EU, the certificates
contain a variety of uniquely-identifying PII, such as the users name,
their government-assigned ID, and, in some cases, biometric or photographic
identifiers.

That's simply unacceptable to expose to an arbitrary webpage without
permissions, and we should strive for APIs that function without
permissions, as permissions are a usability pox upon users.

Even if we accepted that users are willing to identify themselves to
websites in undeniable ways, you end up with a tremendously dangerous
security model. In your document signing case, you may have a document
signing application at hermes-soft.com/signing. However, if
evilhacker.example.com/muahaha was able to get access to your private key
(using the exact same mechanisms that hermes-soft.com/signing), then
evilhacker.example.com could cause your smart card to generate signatures
that the user hadn't authorized.

The PIN prompt is simply not a security mechanism, and it should hopefully
be clear the various ways in which evilhacker.example.com could make you
think the prompt is coming from hermes-soft.com/signing (via timing
attacks) when it's actually coming from evilhacker.example.com. Even if the
prompt included the URL, there's huge phishing opportunities.

Hopefully this makes it a bit more explicit the deep concerns with the
security and why there isn't really a path forward for such keys,
especially when alternative, modern systems exist.

On Wed, Jun 24, 2015 at 3:48 PM, Billy Simon Chaves <b.simon@hermes-soft.com
> wrote:

>
>
>
> Hello Ryan,
>
> It is not obvious to me the privacy or security reasons why a web
> application should not be able to enumerate trusted roots and client
> certificates in the user certificate store. The whole point of a digital
> certificate is that it is public. Can you elaborate on those reasons?
>
> Regarding security and privacy to me it is more concerning that web crypto
> only works with private keys stored in the browser store, and doesn’t allow
> me to use private keys stored in secure devices, like physical tokens.
>
> For instance my application needs to be able to sign documents and
> transactions, (something like web crypto scenario "2.4 document signing")
> using a private key associated to a certificate issued by my country’s
> official CA.  First my application needs to find in the user store for a
> certificate issued by my country’s CA, that has a matching private key,
> then ask the browser to generate a digital signature using that private
> key, the browser ask the user for permission to use the private key (in my
> case it has to ask for a PIN cause the private key is stored in a smart
> card), if the user accepts the browser ask the smart card to generate the
> digital signature.  In my case for security and privacy reasons all the
> crypto operations are done inside the smart card, the private key never
> leaves the smart card.
>
> Thanks in advance,
>
>
> *Su aliado en la Web...*
>
> *Ing Billy Simón Ch.*
>
> Gerente de Tecnología
> Tel. 2234-9900 ext 102
> www.hermes-soft.com
>
>
>
>
>
> On Jun 24, 2015, at 3:00 PM, Ryan Sleevi <sleevi@google.com> wrote:
>
>
>
> On Wed, Jun 24, 2015 at 1:50 PM, Jeffrey Walton <noloader@gmail.com>
> wrote:
>
>> I see the WebCrypto API will allow discovery of keys
>> (http://www.w3.org/TR/WebCryptoAPI/):
>>
>>     In addition to operations such as signature generation
>>     and verification, hashing and verification, and encryption
>>     and decryption, the API provides interfaces for key
>>     generation, key derivation, key import and export, and
>>     key discovery.
>>
>> Certificates have public keys, and they are not as sensitive as private
>> keys.
>>
>> Will the WebCrypto API allow discovery/enumeration of certificates?
>>
>> Examples of what I would like to discover or enumerate (in addition to
>> the private keys):
>>
>>  * Trusted roots
>>  * Client certs
>>
>> Trusted Roots are in the platform's trust store. Client certs may be
>> in the trust store.
>>
>> Thanks in advance,
>> Jeff
>>
>>
> There are no plans from Chrome to implement such, on the hopefully obvious
> and significant privacy grounds.
>
> Client certs contain PII.
> Trusted certs contain PII and fingerprinting.
>
> In modern, sandboxed operating systems, such as iOS and Android,
> applications cannot enumerate either, as those platform providers reached
> the same conclusion.
>
> So no. Never.[1]
>
> [1] For some really long value of never
>
>
>
Received on Thursday, 25 June 2015 06:58:00 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 25 June 2015 06:58:00 UTC