Re: Call for Consensus: Require secure context for WebCrypto from Mark Watson on 2016-07-14 (public-webcrypto@w3.org from July 2016)

From: Mark Watson <watsonm@netflix.com>
Date: Thu, 14 Jul 2016 08:53:13 -0700
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <6567180747269702063@unknownmsgid>

I believe the proposal on the call was to _require_ a secure origin
for access to WebCrypto methods. So, a browser which supported them on
an insecure context would be non-compliant.

This means that WebCrypto methods should fail if the origin is not
secure (or, more specifically, I've proposed in a PR 'if the incumbent
settings object is not a secure context').

An alternative might be that window.crypto.subtle is undefined if the
origin is not secure, but methods failing is what Chrome already does.

...Mark

> On Jul 14, 2016, at 7:59 AM, Harry Halpin <hhalpin@w3.org> wrote:
>
> Also, feel free to comment on Github rather than the list:
> https://github.com/w3c/webcrypto/issues/28
>
>> On 07/14/2016 04:35 PM, Harry Halpin wrote:
>> We're thinking of adding a sentence saying that secure origins should be
>> required for the use of WebCrypto.
>>
>> In detail, we'd like to follow the definition of a secure context given
>> here [1], although since that document is still an editor's draft so we
>> will instead say that the "The top-level browsing context should be
>> secure when using the WebCrypto API."
>>
>> People may also want to see this document, which mentions how the use of
>> WebCrypto within a secure origin can lead to l
>> https://w3c.github.io/webappsec-secure-contexts/#ancestors
>>
>> Since all browsers support WebCrypto using TLS, this should not change
>> the test-suite or conformance requirements. As long as browsers enable
>> the usage of WebCrypto in TLS, we will not consider them non-conformant
>> if they offer the usage of WebCrypto outside TLS. However, given it is
>> not best practice, this note will at least inform developers to use TLS
>> properly when using WebCrypto, as otherwise (as we've seen), some
>> developers may believe enabling WebCrypto without TLS may give them
>> security properties it indeed does not.
>>
>> We'll have a two week period for discussion before making any changes to
>> the spec in this regard.
>>
>>  cheers,
>>    harry
>>
>> [1] https://w3c.github.io/webappsec-secure-contexts
>
>

Received on Thursday, 14 July 2016 15:53:46 UTC