Privacy Interest Group to review Web Crypto API - a draft from Harry Halpin on 2012-09-20 (public-webcrypto@w3.org from September 2012)

From: Harry Halpin <hhalpin@w3.org>
Date: Thu, 20 Sep 2012 16:25:43 +0200
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <505B2767.3040003@w3.org>

The W3C PING (Privacy Interest Working Group) was hoping to review the 
WebCrypto API, and I just wrote this off the top of my head. Does this 
sound about right as a sort of few issues for them to look at?

---------

The WebCrypto API has a number of privacy-related functionality that 
should be reviewed by the W3C PING IG [1].

Off the top of my head, one can also do possible finger-printing of 
browser types in the current spec by running through the operations 
allowed by the API in a given browser/JS environment, but that would 
likely only manage to figure out what browser (and possibly device, if 
the API wires into device or OS-specific crypto) the user is running by 
indirectly by seeing what crypto algorithms are supported. Another more 
important potential red-flag is the ability to import/export keys. 
Although we do currently obey basic constraints like same-origin policy, 
one can imagine keys being created to identify browsers in the same 
manner of cookies. There is also the possibility of using 
pre-provisioned keys and keys previously generated and imported.

  As for more possible future features with an impact on privacy, see 
the charter [2]. In particular secondary features:

"/Secondary API Features/ that may be in scope are: control of TLS 
session login/logout, derivation of keys from TLS sessions, a simplified 
data protection function, multiple key containers, key import/export, a 
common method for accessing and defining properties of keys, and the 
lifecycle control of credentials such enrollment, selection, and 
revocation of credentials with a focus enabling the selection of 
certificates for signing and encryption."

So I imagine simplified data protection, interactions with multiple key 
containers (including those of the API), digital signatures, and 
certificate support would all have privacy implications re 
fingerprinting. Yet is not that necessary to achieve some of the 
security properties needed for some applications? And the larger 
philosophical question would be is that should we 1) prevent 
applications from being built due to privacy concerns by not creating 
such functions

We'd love a written commentary on privacy to 
public-webcrypto-comments@w3.org and hopefully we can do a telecon with 
you at one of your future meetings.

[1]http://www.w3.org/TR/WebCryptoAPI/
[2]http://www.w3.org/2011/11/webcryptography-charter.html

    cheers,
       harry

Received on Thursday, 20 September 2012 14:25:49 UTC