[Bug 25721] extractable keys should be disabled by default

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721

--- Comment #35 from Mark Watson <watsonm@netflix.com> ---
(In reply to Tom Lowenthal from comment #34)
> To be clear, I don't think that no-extractable-keys solves the JS delivery
> quandary, or several other web security issues. However, this isn't the WG
> for solving JS delivery, only crypto primitives. I'm looking forward to lots
> of exciting pieces combining into one giant secure/trustworthy applications
> robot — including some other pieces which are much further from being
> finished.
> 
> To Mark's suggestion about this being future work, I remain unsure. I think
> that the sensible approach is to leave extractable keys as default-disabled
> until other mitigations can be added to make it safer to enable them.

When you say 'default-disabled' what exactly do you mean? Are you suggesting
we change the API? If so, how. If not, what would happen if a script tries to
generate an extractable key? 'default' implies there is a way to trigger
alternative behaviour. What would that be? Just trying to make sure I have a
full understanding.

That it might be 'safer' in future to enable them, based on other mitigations,
implies there is some risk or attack that arises if they are enabled now. And
that that risk or attack would be mitigated in the meantime by disabling them.
What is that?

> 
> I appreciate adding this as a use case Harry. I think that the most fruitful
> approach is to try to completely implement this use case — as far as this
> WG's work is able — while carefully noting what use case requirements this
> places on other WGs, and hoping that they solve those problems sensibly.

When you say 'this use case' what exactly do you mean? So far, I understand
that you see a class of use-cases with the following properties:
1) The UA generates a key which a site can use, but it cannot extract
2) The User is aware that the UA will not release the key to the site
3) The User derives some security benefit or privacy assurance from this

Specifically, the user is assured by the UA that the site can only use the key
on the user's computer whilst the user is visiting the site rather than at some
other place or time, and this assurance is of value to the user.

Is this right?

It seems to me the assurance can only be of value to the user if they know what
the key is being used for, right ?


Received on Thursday, 25 September 2014 22:53:15 UTC