[Bug 25721] extractable keys should be disabled by default


--- Comment #12 from elijah@riseup.net ---
> Let me state this as unambiguously as possible: The Web Crypto API does not,
> and cannot, protect you from malicious servers.

Let me state this as unambiguously as possible: there is a big difference
between a malicious server that can compromise your security moving forward and
one that can also gain access to key material, allowing it access to all prior
communication and/or the ability to sign anything it wants.

> I have tried to demonstrate the many technical reasons why the arguments
> you're raising are flawed. Over the course of the conversation, the exact
> requirements of what threat you're trying to solve have changed.

"It is difficult to get a man to understand something, when his salary depends
upon his not understanding it!" -- Upton Sinclair

What I am trying to solve has not "changed", I am just further enumerating the
reasons why extractable keys are a horrible idea. 

(1) Extractable keys open up additional attacks, particularly of prior

(2) Allowing the storage of keys on the server increasing the ways keys can be

(3) Although currently the browser must trust the origin's javascript entirely,
this is likely to change in a future with code signing.

(4) In the real world, users never have informed consent when their browser
runs javascript and users are often required to run particular javascript as
part of their daily business. It is not sufficient to say that the origin can
be trusted to make the right decision regarding key extraction.

You are receiving this mail because:
You are on the CC list for the bug.

Received on Sunday, 18 May 2014 22:07:45 UTC