Privacy issues associated with pre-provisioned origin-specific keys

All,

I reviewed the privacy sections of IndexedDB and Web Storage as suggested by Ryan ([1], [2]).

I believe these considerations apply largely unmodified to pre-provisioned origin-specific keys. Two changes I'd suggest:

a) Deleting or expiring pre-provisioned keys: Users should be made aware that deleting a pre-provisioned origin-specific key may affect the operation of the service (origin) for which it was pre-provisioned.
b) Site-specific whitelisting of access to pre-provisioned keys: I think user-authorization should be a "SHOULD" (at least) rather than a "MAY".

What are the additional concerns we should address?

I'd be happy to re-purpose the IndexedDB text for inclusion in our specification, with the changes above. If we have such a starting point, we can initiate any necessary discussion with other groups in W3C.

…Mark

[1] http://www.w3.org/TR/webstorage/#privacy
[2] http://www.w3.org/TR/IndexedDB/#privacy

Received on Thursday, 8 November 2012 00:59:24 UTC