Re: Request from WebRTC from Ryan Sleevi on 2014-03-17 (public-webcrypto@w3.org from March 2014)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 17 Mar 2014 07:59:07 -0700
To: Aymeric Vitte <vitteaymeric@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "mountie.lee@gmail.com" <mountie@paygate.net>, "Richard L. Barnes" <rbarnes@bbn.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CACvaWvYjQ5eKDh_PrCx+Upbq-kyLW6uZTcKsK2q8093r50aAQw@mail.gmail.com>
On Mar 17, 2014 5:29 AM, "Aymeric Vitte" <vitteaymeric@gmail.com> wrote:
>
> Reopening this one, the project mentioned below is moving to WebRTC, the
draft specs are there [2]
>
> What was the conclusion of this thread?
>

Exactly what is written on this thread.

I still oppose integration as being wrong on a both technical and
conceptual grounds.

> I have read it several time and still didn't get exactly what was the
difficulty to handle the keys for DTLS à la WebCrypto.
>
> I  could not read the latest draft due to the mail I just sent, but [2]
does raise some questions and I don't think it's currently possible with
the WebCrypto API, using generatKey with RSA:
>
> - how can I get the public key fingerprint?

exportKey(spki)+digest()

> - how can I get the public key modulus?
>

RsaKeyAlgorithm object that hangs off Key.algorithm

> Regards
>
> Aymeric
>
> [2]
https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs
>
> Le 14/11/2013 10:14, Richard L. Barnes a écrit :
>>
>>
>> On Thursday, November 14, 2013 at 1:06 AM, Aymeric Vitte wrote:
>>>
>>> Interesting, I was wondering how WebRTC was handling DTLS between
peers, so despite of all security concepts that are opposed to me each time
I mention self-signed certificates, all of a sudden, a Web API, WebRTC, is
allowed to use them (to switch later to CA-issued certificates... for
peers???)
>>
>> Obviously, if you’re using self-signed certificates, you need some other
mechanism for authentication.  WebRTC uses an “Identity Provider” system to
layer authentication on top of any certificates in DTLS, including
self-signed.
>>
>> <
http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07#section-5.6>
>>
>>>
>>> It seems like we are back to certificates, expose certificates and TLS
subjects.
>>>
>>> Maybe what is needed finally is to use the WebCrypto Key interface and
a "secondary feature" TLS/DTLS secure implementation.
>>>
>>> More generally, I have not looked at the WebRTC ideas to "avoid
tracking", but I put together a study case (see at the end of [1]) how
WebRTC could potentially be used and insure privacy at the same time, the
conclusion is that the whole world knows what you are doing so WebRTC can
certainly not be used if you care about privacy, and I don't see any
reliable means to encrypt things between peers not involving them sharing a
secret (ie know each other, so impossible in practice), that's not the
concern of this group but if the conclusion is wrong or limited then please
advise separately.
>>
>> The tracking risk arises when an app use the same public key repeatedly,
either across several different peers or multiple times with the same peer.
 This is different from the usual fingerprinting, since it’s peer-to-peer
fingerprinting instead of server-based.
>>
>> --Richard
>>
>>
>>>
>>>
>>> [1]: http://www.peersm.com
>>>
>>> Regards,
>>>
>>> Aymeric
>>>
>>> Le 14/11/2013 04:35, Richard L. Barnes a écrit :
>>>>
>>>> The current concept is to focus on keys and self-signed certificates
(as current WebRTC implementations are doing), with CA-issued certificates
as future work.
>>>>
>>>> --Richard
>>>>
>>>>
>>>> On Wednesday, November 13, 2013 at 7:32 PM, Mountie Lee wrote:
>>>>>
>>>>> DTLS is based on Certificate which is not yet fully discussed in
WebCrypto WG
>>>>>
>>>>>
>>>>> On Thu, Nov 14, 2013 at 11:24 AM, Ryan Sleevi <sleevi@google.com>
wrote:
>>>>>>
>>>>>> On Wed, Nov 13, 2013 at 5:53 PM, Richard L. Barnes <rbarnes@bbn.com>
wrote:
>>>>>> > For those who might not have been following WebRTC, they are
enabling
>>>>>> > browser-to-browser real time communications, using JavaScript.
>>>>>> >
>>>>>> > The good news is that all WebRTC communications are encrypted with
keys
>>>>>> > negotiated using DTLS (using either SRTP or the DTLS for
encryption).  These
>>>>>> > keys are bound to user identities by way of identity assertions
passed in
>>>>>> > SDP [draft-ietf-rtcweb-security-arch].  The challenge is that
WebRTC apps
>>>>>> > want to be able to control what keys are used in the DTLS
negotiation.
>>>>>> >
>>>>>> > The overall concept is that the app will be able to impose a key
on the DTLS
>>>>>> > session, using something like a setDtlsKey() method.  The question
is: Can
>>>>>> > WebRTC use WebCrypto Key objects to represent keys used for DTLS?
>>>>>> >
>>>>>> > It appears that the answer to this question is “yes”.  The app/key
>>>>>> > separation provided by the WebCrypto API provides the layer of
separation
>>>>>> > that is needed.  However, the WebRTC layer needs some additional
metadata
>>>>>> > about the key:
>>>>>> > -- Whether the key was ever accessible to JS
>>>>>> > -- Limitation of the key to usage with DTLS
>>>>>>
>>>>>> These two statements make me think that WebCrypto is not the right
fit for them.
>>>>>>
>>>>>> It is, in essence, stating "Were these keys ever Web Crypto keys"
>>>>>>
>>>>>> >
>>>>>> > The proposal is to add information to the WebCrypto Key object to
encode
>>>>>> > these metadata.
>>>>>> >
>>>>>> > This email is intended to be a summary, with more detail to be
provided in
>>>>>> > discussion tomorrow.  The main question for now is whether this
seems like a
>>>>>> > current-API thing or a future-API thing.
>>>>>> >
>>>>>> > I would suggest that it is an issue for the current API, because
(1) the
>>>>>> > proposed changes are small, and (2) if this is punted to a future
version,
>>>>>> > then WebRTC will likely come up with an alternative solution.
>>>>>> >
>>>>>> > Thanks,
>>>>>> > --Richard
>>>>>>
>>>>>> Seems like a never-API to me, based on your summary, but perhaps I'm
>>>>>> missing important context.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Mountie Lee
>>>>>
>>>>> PayGate
>>>>> CTO, CISSP
>>>>> Tel : +82 2 2140 2700
>>>>> E-Mail : mountie@paygate.net
>>>>>
>>>>> =======================================
>>>>> PayGate Inc.
>>>>> THE STANDARD FOR ONLINE PAYMENT
>>>>> for Korea, Japan, China, and the World
>>>>
>>>>
>>>
>>> --
>>> Peersm : http://www.peersm.com
>>> node-Tor : https://www.github.com/Ayms/node-Tor
>>> GitHub : https://www.github.com/Ayms
>>
>>
>
> --
> Peersm : http://www.peersm.com
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
Received on Monday, 17 March 2014 14:59:36 UTC