Re: who own the key?

On Thu, Apr 25, 2013 at 2:02 PM, Mountie Lee <mountie@paygate.net> wrote:
> Hi.
>
> I remember we have discussed the ownership of the key.
>
> To clarify the key ownership, I am sending this mail.
>
> Who owns the key?
> Does it belong to the user or to the application of the service provider?
> Who has control of the generated key?
>
> In the view of the certificate side, the key pair belongs to the user.
> But with the key pair of the current low-level API, it seems to belong to
> the application side.
>
> Is my understanding correct?
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net

Hi Mountie,

I don't think you will find agreement here, just like there wasn't at the F2F.

There are some applications (as you heard of at the F2F) that see the
key in control of the provisioner. Whatever the provisioning
application/provider deems as acceptable, that's accepted.

There are some applications that see the key as belonging to the user - that
is, any actions taken with the key must receive consent of the user.

There are some applications that see the key as belonging to the
applications using the key - that is, if the application can access
the key, it can use it.

The low-level API makes no declarations one way or the other, OTHER
than the fact that it treats the web application as the provisioner
(because it generated the key - as there are no other keys supported
in the low-level API), therefore it's fully under application/provider
control. As you heard repeated at the F2F, there is no point in
interacting with the user, because everything "could" simply be
polyfilled in JS without user interaction.

From a normative specification side, I think it's wrong to think of
the problem as such. If and when new key types are introduced, their
security considerations will need to be uniquely addressed. In the
real world, it's rarely ever the case that it's simple X or Y - it's
often something like 30% X and 70% Y (or some other mix and match).

Just look at GlobalPlatform to see a complex interaction of
authorities, security domains, and permissioning to understand how
this really works.

Cheers,
Ryan

Received on Thursday, 25 April 2013 21:11:21 UTC
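
The reply's point that the low-level API treats the web application as the provisioner, shown as an added example (not part of the original message or of the specification text). It assumes the WebCrypto API as standardized today (`crypto.subtle`), which may differ from the 2013 draft under discussion; `getSubtle` and `provisionAndUse` are hypothetical names.

```javascript
// Added illustration: the generating script decides every property of the key,
// and the API has no step at which a user is asked for consent.
async function getSubtle() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const { webcrypto } = await import('node:crypto');
  return webcrypto.subtle;
}

async function provisionAndUse(message) {
  const subtle = await getSubtle();
  // The application chooses algorithm, extractability and usages: it is the provisioner.
  const pair = await subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' },
    false,               // application's decision: private key is not extractable
    ['sign', 'verify']
  );
  const alg = { name: 'ECDSA', hash: 'SHA-256' };
  const data = new TextEncoder().encode(message);
  // Any script holding the CryptoKey handle can use it, within the declared usages.
  const signature = await subtle.sign(alg, pair.privateKey, data);
  const verified = await subtle.verify(alg, pair.publicKey, signature, data);
  // The only restriction enforced is the one the application set at generation time.
  let privateExportRefused = false;
  try {
    await subtle.exportKey('pkcs8', pair.privateKey);
  } catch (e) {
    privateExportRefused = true;
  }
  const spki = await subtle.exportKey('spki', pair.publicKey);
  return {
    verified,
    privateExportRefused,
    privateExtractable: pair.privateKey.extractable,
    privateUsages: Array.from(pair.privateKey.usages),
    publicExtractable: pair.publicKey.extractable,
    publicKeyBytes: spki.byteLength,
  };
}
```

A design that wants user consent or a different authority over the key has to add that control outside these calls, which is the gap the thread is debating.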