Re: Call for Consensus: Require secure context for WebCrypto

Since it's been two weeks since this CfC was issued and while the
discussion has clarified the status of how to define 'secure contexts',
there is no objection and so we will normatively require secure contexts
for the use of WebCrypto API. As per discussion, thus we will refer to
this document to define "Secure Contexts" [1] as it should be stable by
the time WebCrypto goes to Recommendation status.

   cheers,

      harry

[1] https://www.w3.org/TR/secure-contexts/

On 07/15/2016 09:32 PM, Wendy Seltzer wrote:
> On 07/15/2016 03:06 PM, Mike West wrote:
>> +Brad and Wendy, who have opinions.
>>
>> On Thu, Jul 14, 2016 at 4:35 PM, Harry Halpin <hhalpin@w3.org> wrote:
>>
>>> We're thinking of adding a sentence saying that secure origins should be
>>> required for the use of WebCrypto.
>>>
>>> In detail, we'd like to follow the definition of a secure context given
>>> here [1], although since that document is still an editor's draft we
>>> will instead say that "The top-level browsing context should be
>>> secure when using the WebCrypto API."
>>>
>> I recommend against creating a one-off mechanism; the secure contexts spec
>> is pretty far along, and I don't believe it will block your progress. I
>> asked for a TAG review a little while ago (
>> https://github.com/w3ctag/spec-reviews/issues/124), and got positive
>> feedback along with a number of small issues to fix. I made quite a bit of
>> progress on them today, and expect to be ready to issue a CfC to move to CR
>> ~next week.
> Great! That should give the needed stability path for a reference from
> WebCrypto.
>
> --Wendy
>
>>
>>> Since all browsers support WebCrypto using TLS, this should not change
>>> the test-suite or conformance requirements. As long as browsers enable
>>> the usage of WebCrypto in TLS, we will not consider them non-conformant
>>> if they offer the usage of WebCrypto outside TLS. However, given it is
>>> not best practice, this note will at least inform developers to use TLS
>>> properly when using WebCrypto, as otherwise (as we've seen), some
>>> developers may believe enabling WebCrypto without TLS may give them
>>> security properties it indeed does not.
>>>
>> I would suggest that one way to prevent the mismatch between developer
>> expectation and actual guarantee is to enforce restrictions that uphold the
>> latter.
>>
>> -mike
>>
>

Received on Monday, 1 August 2016 11:01:19 UTC