- From: Waitzman, David (Contractor) <David_Waitzman@comcast.com>
- Date: Wed, 3 Aug 2016 19:08:55 +0000
- To: Eric Roman <ericroman@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <B51C2A07-21AD-4C75-98A9-11B9D881B341@cable.comcast.com>
Eric, Thanks for the response and apologize it was not worded well enough. My security model does require unextractable keys. The requirements include a browser implementation that, inconsistently, only has ECMAScript 5.1 support, but also has native WebCrypto, MSE, EME and an associate CDM. To function, the WebCrypto implementation, if up-to-spec, would need a polyfill for Promises. Can a secure up-to-spec WebCrypto implementation use a polyfill for Promises? My concern here is that is there a security risk introduced when handling the asynchronous nature of Promises via a polyfill (since it is necessarily in Javascript, not native) when mixed with an otherwise native implementation of WebCrypto? *Alternatively* Perhaps this WebCrypto implementation could not be up to the current WebCrypto spec, but only to an older version of the spec before Promises were required. Would such an implementation be so full of problems (because of the old WebCrypto spec, probably from June 2013) that it would not be secure? OR perhaps the answer is that the requirements that I was given don’t make sense, since (I theorize that) unextractable keys requires a native WebCrypto which requires a native implementation of Promises, which in turn requires ECMAScript 6? > On Aug 3, 2016, at 12:55 PM, Eric Roman <ericroman@google.com> wrote: > > I am not sure that I parsed your question or motivation correctly; will try to answer it two different ways: > > (a) If your environment doesn't have Promises, then necessarily your environment does not provide a native implementation of Web Crypto either (certainly not the version in the latest draft). > > In that case you would need to provide Web Crypto as a polyfill too, and so the question really is: > "are there security risks to using Web Crypto polyfill XXX rather than built in platform support?" > > Yes -- It depends on your polyfill, but assuming a Javascript-side implementation you should consider: > > * Implementation quality of the polyfill (is it a mature library that properly implements cryptographic primitives) > * Does your security model require unextractable keys (a Javascript polyfill almost surely cannot provide this; there are also subtle challenges like not revealing keying material due to non-constant timing of operations, for which all bets are off in a JS runtime environment). > > (b) If on the other hand your question is specifically about whether ECMAScript 6 provides important security features needed for Web Crypto, then the answer is No. The use of Promises for instance does not provide any security benefits. In fact earlier versions of the spec did not use Promises. > > On Tue, Aug 2, 2016 at 6:50 PM, Waitzman, David (Contractor) <David_Waitzman@comcast.com <mailto:David_Waitzman@comcast.com>> wrote: > I want to use WebCrypto, Encrypted Media Extensions, and Media Source Extensions in a context where only ECMAScript 5.1 is required. So I need to at least use a polyfill for Promise, as it is an ECMAScript 6 feature. Any other polyfills that I would need? Would any of those polyfill(s) somehow introduce a security risk that would not be present if ECMAScript 6 was instead used? -- David Waitzman Envieta Systems LLC
Received on Wednesday, 3 August 2016 23:03:37 UTC