[Bug 25972] Please require a secure origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972

--- Comment #12 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Boris Zbarsky from comment #11)
> 1) I think the secure origin definitions we have right now are way too
> restrictive no matter how you slice it.

OK. This is a (presumably) solvable problem, if we wish to engage it - although
I presume we really mean WebAppsSec, as this WG is not qualified to do that
definition.

> 
> 2) I strongly suspect, though I have not performed exhaustive analysis to
> prove this, that there are parts of the SubtleCrypto for which the secure
> transport requirement is too restrictive.  I further believe that it's very
> hard to define "secure transport".  Is data: a secure transport? 
> javascript:?  It sort of depends... just like http:// can be sometimes,
> depending on various things as you noted.

So really, this is two things that I think we should treat separately.

1) What is an insecure transport (which is, in many ways, revisiting the first
point)

2) Can you achieve meaningful security over an insecure transport?

I suspect that you might disagree with how I've phrased (2). An alternative way
would be "Can you achieve something useful over an insecure transport", but I
purposely avoided posing it like that, because I think it misses the point -
that is, the most useful systems are the least secure, and the most secure
systems are often the least useful (e.g., being only suitable for a single task,
no networks, etc). Thus the question should not be phrased in terms of >0
"utility", but whether or not there is ">0 security", especially given this is
a cryptographic API.

> 
> 3) I think having something this basic not interoperable across UAs is a
> really bad idea, so whatever it is we do here we should aim for agreement
> across UAs and then actually specify that agreement, not just have them ship
> incompatible things.

I think I'd disagree with how dire things are, or at the least, what represents
incompatibility/interoperability.

To continue the discussion regarding interop better, I've opened
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985

Received on Thursday, 5 June 2014 01:26:16 UTC