Origin-bound keys


Based on the discussions at our face-to-face I'd like to propose that we make a distinction between keys which can be used by any origin (subject to per-origin user authorization) and keys which can only ever be used by a single origin (the one they were created by or provisioned for).

The first kind I call origin-authorized, the second origin-specific.

The reason I think this distinction is useful is that the privacy properties of these two kinds of key are very different. Creating a key which can only ever be used by the app that created it is a very different thing than creating a key which may be used by other apps as well, depending on which dialogs the user blindly clicks through.

Decisions on authorization dialogs etc. are taken by browser implementors (not us in the web crypto group), but they may make different decisions for these two cases if they are distinguished - to the benefit of users.

For example, origin-specific keys are much like cookies today and may be controlled in a similar manner.

Origin-authorized keys are perhaps more of an uber-cookie where more care is required. Perhaps a user authorization step is required to create one? User authorization is definitely required to access one.

If we don't make this distinction in our API (in the form of a key property), there is no opportunity for browsers to treat the two kinds differently from a privacy/user authorization perspective.
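To make the proposed distinction concrete, here is an added toy model (not code from the post or from any Web Crypto draft) of a browser-side key store that carries the scope as a key property and enforces the two policies differently; the property name `originScope`, the grant bookkeeping and the rule that a key's creating origin may always use it are assumptions for illustration.

```javascript
// Toy key store modelling the proposed key property (added example, not from the post).
// originScope is assumed to be one of:
//   "specific"   - usable only by the origin that created it (cookie-like)
//   "authorized" - usable by other origins only after an explicit per-origin user grant
class OriginBoundKeyStore {
  constructor() {
    this.keys = new Map();    // keyId -> { owner, originScope }
    this.grants = new Set();  // "keyId|origin" pairs the user has authorized (assumed mechanism)
    this.nextId = 1;
  }

  // Create a key on behalf of `origin` with the given scope; returns the key handle.
  createKey(origin, originScope) {
    if (originScope !== "specific" && originScope !== "authorized") {
      throw new Error(`unknown originScope: ${originScope}`);
    }
    const id = `k${this.nextId++}`;
    this.keys.set(id, { owner: origin, originScope });
    return id;
  }

  // Record that the user authorized `origin` to use an origin-authorized key.
  // The browser's dialog is outside the API; this only stores the outcome.
  grant(keyId, origin) {
    const key = this.keys.get(keyId);
    if (!key) throw new Error("no such key");
    if (key.originScope === "specific") {
      // An origin-specific key can never be shared, whatever the user clicks through.
      throw new Error("origin-specific keys cannot be authorized for another origin");
    }
    this.grants.add(`${keyId}|${origin}`);
  }

  // Access decision: the scope property selects which policy applies.
  canUse(keyId, origin) {
    const key = this.keys.get(keyId);
    if (!key) return false;
    if (key.owner === origin) return true;             // assumed: creator always keeps access
    if (key.originScope === "specific") return false;  // bound to one origin, no exceptions
    return this.grants.has(`${keyId}|${origin}`);      // needs an explicit per-origin grant
  }
}
```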


Received on Monday, 6 August 2012 16:39:10 UTC