- From: <bugzilla@jessica.w3.org>
- Date: Sun, 18 May 2014 22:07:43 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #12 from elijah@riseup.net ---

> Let me state this as unambiguously as possible: The Web Crypto API does not,
> and cannot, protect you from malicious servers.

Let me state this as unambiguously as possible: there is a big difference between a malicious server that can compromise your security moving forward and one that can also gain access to key material, allowing it access to all prior communication and/or the ability to sign anything it wants.

> I have tried to demonstrate the many technical reasons why the arguments
> you're raising are flawed. Over the course of the conversation, the exact
> requirements of what threat you're trying to solve have changed.

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!" -- Upton Sinclair

What I am trying to solve has not "changed", I am just further enumerating the reasons why extractable keys are a horrible idea.

(1) Extractable keys open up additional attacks, particularly of prior communication.
(2) Allowing the storage of keys on the server increases the ways keys can be compromised.
(3) Although currently the browser must trust the origin's javascript entirely, this is likely to change in a future with code signing.
(4) In the real world, users never have informed consent when their browser runs javascript and users are often required to run particular javascript as part of their daily business.

It is not sufficient to say that the origin can be trusted to make the right decision regarding key extraction.
Received on Sunday, 18 May 2014 22:07:45 UTC
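
The distinction the comment draws between using a key and obtaining its key material can be observed through the `extractable` argument of `generateKey`. The following is an added example, not part of the original message or of the Web Crypto specification; the helper names (`makeKey`, `probe`, `demo`) and the sample message are constructed for illustration.

```javascript
// Added illustration, not code from the bug thread. Helper names are hypothetical.
// Runs in Node 20+ or in a browser console on a secure (https) page.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ALG = { name: 'HMAC', hash: 'SHA-256', length: 256 };
const MSG = new TextEncoder().encode('constructed sample message');

// Generate an HMAC key; `extractable` is the flag the thread argues about.
function makeKey(extractable) {
  return wc.subtle.generateKey(ALG, extractable, ['sign', 'verify']);
}

// What can script running in the origin do with this key handle?
async function probe(key) {
  // Using the key works whether or not it is extractable.
  const sig = await wc.subtle.sign('HMAC', key, MSG);

  let raw = null;
  let exportError = null;
  try {
    raw = new Uint8Array(await wc.subtle.exportKey('raw', key));
  } catch (e) {
    exportError = e.name; // export is refused for a non-extractable key
  }

  // If raw bytes came out, a key rebuilt from them is a full substitute
  // for the original, wherever those bytes end up being stored.
  let copyMatches = false;
  if (raw) {
    const copy = await wc.subtle.importKey('raw', raw, ALG, false, ['sign']);
    const sig2 = await wc.subtle.sign('HMAC', copy, MSG);
    copyMatches = await wc.subtle.verify('HMAC', key, sig2, MSG);
  }
  return { canUse: sig.byteLength === 32, rawLength: raw ? raw.length : 0, exportError, copyMatches };
}

async function demo() {
  return {
    extractable: await probe(await makeKey(true)),
    nonExtractable: await probe(await makeKey(false)),
  };
}

demo().then((r) => console.log(r));
```

Both keys can sign while the script holds the handle, but only the extractable one yields bytes from which an equivalent key can be rebuilt elsewhere.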