- From: Seetharama Rao Durbha <S.Durbha@cablelabs.com>
- Date: Wed, 29 Aug 2012 15:20:30 -0600
- To: Ryan Sleevi <sleevi@google.com>, Lu HongQian Karen <karen.lu@gemalto.com>
- CC: Ali Asad <Asad.Ali@gemalto.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CC63E01B.5991%s.durbha@cablelabs.com>
On 8/29/12 2:43 PM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote: On Wed, Aug 29, 2012 at 1:11 PM, Lu HongQian Karen <karen.lu@gemalto.com<mailto:karen.lu@gemalto.com>> wrote: The application's trust model does not totally depend on what UA tells it where the key comes from. This is a reference and a first level of checking. The application or the back-end server can verify operations done using the key and, hence, if the right key was used. What is the harm of telling the application since the UA knows the information? The (significant) harm is that it requires us to figure out an taxonomy of key storage types, while still having the spec remain neutral about the details about how or what is implemented. The problem with such taxonomies, especially spec'd before any implementations exist, is that by framing the language in particular terms, you directly and indirectly influence what is seen as implementable and how things are implemented, and inevitably, the taxonomy fails when things are "like-but-not-alike", much like Keychain is "Local but not local" or a remote cloud storage is "Browser storage, but external" Even simple, mechnical definitions such as "software, hardware, removal" are, in fact, subtle and complicated, and fail to classify even the existing types of key storage provided by common APIs today. Your quoted discussions mentioned that an application could not trust what UA said in a certain aspect. Is this the trust model of this API? Isn't the UA the one who implements the API? How would an application know to trust or not anything from the API? Yes, the trust model of this API, as with every other client-side API, as with every other JavaScript API, as with every other crypto API, is that you should not and cannot trust the API. The API can lie or be subverted, and there is no way, as a server, to know this. One of the core, most foundational, unconditional premises for web security, is never, EVER, trust the client. The ONLY thing you should trust are things you know cannot be subverted. This would include trusting a key provisioned on a smart card, if you KNEW that the smart card could not be subverted, no matter how hostile the environment. If we have the best interests of the developers in mind, then may be we can limit our API to operations possible on a smart card (and strictly using pre-provisioned keys). No key derivation also (as that exposes the key to browser). Anything else will help in the development of applications using false assumptions.
Received on Wednesday, 29 August 2012 21:21:19 UTC