Proposal for ISSUE-25 (Globally unique pre-shared keys)

All,

To address ISSUE-25 [1] I'd like to propose the following changes. I hope we can discuss this later in the week.

1) To Section 6, Privacy Considerations, replace the last sentence of the "Super-cookies" section ('This is especially true for keys that were pre-provisioned for particular origins and for which no user interaction was provided') with a more detailed separate section:

"Pre-shared keys

Pre-shared keys may be long-lived and may be securely associated with specific hardware elements. Without sufficient safeguards it may be possible for an origin to identify a user or device without the knowledge or consent of the user. Access to pre-shared keys SHOULD require explicit user authorization on a per-origin basis. User Agents supporting pre-shared keys SHOULD ensure that each origin receives a unique origin-specific pre-shared key. This could be accomplished, for example, by transforming an origin-independent secret using a suitable origin-specific one-way function."

2) To Section 10 (Key interface) [or wherever is most appropriate], add a new sub-section, as follows:

"10.2 Pre-shared keys

User Agents MAY expose origin-specific pre-shared keys as Key objects visible within the keys attribute of the Crypto interface. Examples of pre-shared keys include keys stored in secure hardware elements.

10.2.1 Pre-shared key pairs and certificates

Where a pre-shared public/private key pair has an associated X.509 certificate, this certificate SHOULD be made available in a property named "x509certificate" within the extra attribute of the Key object. The "x509certificate" property contains the base64 encoding of the … <specify encoding of X.509 certificate here>.

10.2.2 Pre-shared symmetric keys and identities

Where a pre-shared symmetric key has an associated globally unique identity, this identity SHOULD be made available in a property named "uid" within the extra attribute of the Key object. The "uid" property contains the base64 encoding of the bytes of the globally unique identity."

…Mark

[1] http://www.w3.org/2012/webcrypto/track/issues/25

Received on Monday, 29 October 2012 13:23:52 UTC
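
The "origin-specific one-way function" and per-origin authorization described in the proposed Privacy Considerations text, as an added example that is not part of the original message or of the Web Crypto draft. It assumes HKDF-SHA-256 as the one-way function and runs on Node's `crypto` module; `DEVICE_SECRET`, `LABEL`, `AUTHORIZED` and the function names are hypothetical.

```javascript
// Added illustration; not text or code from the proposal.
const nodeCrypto = require("node:crypto");

// Constructed sample secret standing in for a key held in a secure element.
const DEVICE_SECRET = Buffer.from(
  "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", "hex");

// Hypothetical domain-separation label for this derivation.
const LABEL = "origin-psk-v1";

// Serialize the origin (scheme, host, port) as the URL Standard does:
// lower-cased scheme and host, default port omitted, path and query ignored.
function canonicalOrigin(url) {
  const origin = new URL(url).origin;
  // Opaque origins (data:, file:, ...) all serialize to "null" and would
  // therefore share one key, so they get no pre-shared key at all.
  if (origin === "null") throw new Error("opaque origin: " + url);
  return origin;
}

// One-way, origin-specific transform: HKDF-SHA-256 with the origin in `info`.
// An origin cannot recover DEVICE_SECRET or another origin's key from its own.
function deriveOriginKey(deviceSecret, url, authorized) {
  const origin = canonicalOrigin(url);
  // Per-origin user authorization gate (assumed to be a simple allow-set here).
  if (!authorized.has(origin)) throw new Error("user has not authorized " + origin);
  const info = Buffer.from(LABEL + "\n" + origin, "utf8");
  const okm = nodeCrypto.hkdfSync("sha256", deviceSecret, Buffer.alloc(0), info, 32);
  return Buffer.from(okm).toString("hex");
}

// Origins the user has explicitly approved (constructed sample values).
const AUTHORIZED = new Set(["https://video.example", "https://shop.example"]);

function demo() {
  const a = deriveOriginKey(DEVICE_SECRET, "https://video.example/player?id=1", AUTHORIZED);
  const b = deriveOriginKey(DEVICE_SECRET, "HTTPS://Video.Example:443/other", AUTHORIZED);
  const c = deriveOriginKey(DEVICE_SECRET, "https://shop.example/", AUTHORIZED);
  // Same origin yields the same key; different origins cannot correlate theirs.
  return { sameOriginStable: a === b, crossOriginDistinct: a !== c };
}

console.log(demo());
```

Two origins comparing their derived keys learn nothing that links them to the same device, which is the correlation risk the proposed "Pre-shared keys" section describes.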