Re: Call for Consensus: Require secure context for WebCrypto

There's currently an exception made when the origin is localhost. I trust
that exception will be allowed to remain?



On Thu, Jul 14, 2016 at 8:53 AM, Mark Watson <watsonm@netflix.com> wrote:

> I believe the proposal on the call was to _require_ a secure origin
> for access to WebCrypto methods. So, a browser which supported them on
> an insecure context would be non-compliant.
>
> This means that WebCrypto methods should fail if the origin is not
> secure (or, more specifically, I've proposed in a PR 'if the incumbent
> settings object is not a secure context').
>
> An alternative might be that window.crypto.subtle is undefined if the
> origin is not secure, but methods failing is what Chrome already does.
>
> ...Mark
>
> > On Jul 14, 2016, at 7:59 AM, Harry Halpin <hhalpin@w3.org> wrote:
> >
> > Also, feel free to comment on Github rather than the list:
> > https://github.com/w3c/webcrypto/issues/28
> >
> >> On 07/14/2016 04:35 PM, Harry Halpin wrote:
> >> We're thinking of adding a sentence saying that secure origins should be
> >> required for the use of WebCrypto.
> >>
> >> In detail, we'd like to follow the definition of a secure context given
> >> here [1], although since that document is still an editor's draft, we
> >> will instead say that "The top-level browsing context should be
> >> secure when using the WebCrypto API."
> >>
> >> People may also want to see this document, which mentions how the use of
> >> WebCrypto within a secure origin can lead to l
> >> https://w3c.github.io/webappsec-secure-contexts/#ancestors
> >>
> >> Since all browsers support WebCrypto using TLS, this should not change
> >> the test-suite or conformance requirements. As long as browsers enable
> >> the usage of WebCrypto in TLS, we will not consider them non-conformant
> >> if they offer the usage of WebCrypto outside TLS. However, given it is
> >> not best practice, this note will at least inform developers to use TLS
> >> properly when using WebCrypto, as otherwise (as we've seen), some
> >> developers may believe enabling WebCrypto without TLS may give them
> >> security properties it indeed does not.
> >>
> >> We'll have a two week period for discussion before making any changes to
> >> the spec in this regard.
> >>
> >>  cheers,
> >>    harry
> >>
> >> [1] https://w3c.github.io/webappsec-secure-contexts
> >
> >
>
>

Received on Friday, 15 July 2016 19:30:44 UTC
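
Added example, not part of the thread or of any browser's code: a caller-side guard that handles the three behaviours discussed above (methods failing, window.crypto.subtle being undefined, and WebCrypto still being offered outside a secure context) and refuses to proceed in all of them. The function names and the mock environments are hypothetical and constructed for illustration; in a page, the global object would be passed instead.

```javascript
// Added example. probeWebCrypto, requireSecureWebCrypto and the environments
// below are hypothetical names; the environments are constructed stand-ins.
async function probeWebCrypto(env) {
  // isSecureContext is the browser's own verdict, so any exception it makes
  // (such as the localhost one raised in the reply) is already reflected here.
  const secure = env.isSecureContext === true;
  const subtle = env.crypto && env.crypto.subtle;
  if (!subtle) return { secure, state: "subtle-undefined" };
  try {
    await subtle.digest("SHA-256", new Uint8Array([1, 2, 3]));
  } catch (err) {
    return { secure, state: "methods-fail", error: err.name };
  }
  // A browser may still offer WebCrypto outside a secure context.
  return { secure, state: secure ? "available" : "available-insecure" };
}

// Hand out crypto.subtle only when the context is secure AND the API works.
async function requireSecureWebCrypto(env) {
  const result = await probeWebCrypto(env);
  if (result.state !== "available") {
    throw new Error("WebCrypto refused: " + result.state);
  }
  return env.crypto.subtle;
}

// Constructed stand-ins for crypto.subtle; the error name is made up.
const workingSubtle = { digest: async () => new ArrayBuffer(32) };
const failingSubtle = {
  digest: async () => {
    const e = new Error("constructed failure");
    e.name = "ConstructedInsecureContextError";
    throw e;
  },
};

// Constructed environments, one per behaviour.
const secureEnv = { isSecureContext: true, crypto: { subtle: workingSubtle } };
const failingEnv = { isSecureContext: false, crypto: { subtle: failingSubtle } };
const undefinedEnv = { isSecureContext: false, crypto: {} };
const permissiveEnv = { isSecureContext: false, crypto: { subtle: workingSubtle } };
```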