On Thu, May 10, 2012 at 10:44 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Thu, May 10, 2012 at 7:30 AM, David Dahl <ddahl@mozilla.com> wrote:
> > One of the reasons for establishing this WG is to try and provide a more
> secure way of using crypto on the web. Keeping the private keys private is
> at the top of this list. We can establish a spec that only ever references
> private key IDs, making this much more secure than existing JS crypto
> libraries that have access to private key material.
>
> It's not clear to me that this is "much more secure". What's the
> threat model under which
> that is the case?
>
> -Ekr
>
>
Where the private key is directly accessible by script loaded from
same-origin?
Compromised server injects hostile script into a page response, grabs the
private key, posts it to a foreign server, and now the private key has been
stolen and used to decrypt any data between the server and its clients
out-of-band.
Jarred