- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Mon, 16 Feb 2015 18:30:49 +0100
- To: public-webid <public-webid@w3.org>
- Message-ID: <CAKaEYhLk-bgwnKdKhmcaRSrWG3-9JDz4=a=g1aVKCjjDzH2--Q@mail.gmail.com>
FYI: some comments from Mozilla regarding improving cert management in the browser (at least that was how I read it).

---------- Forwarded message ----------
From: Anne van Kesteren <annevk@annevk.nl>
Date: 16 February 2015 at 09:34
Subject: Re: The futile war between Native and Web
To: noloader@gmail.com
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-webapps WG <public-webapps@w3.org>

On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloader@gmail.com> wrote:
> For the first point, Pinning with Overrides
> (tools.ietf.org/html/draft-ietf-websec-key-pinning) is a perfect
> example of the wrong security model. The organizations I work with did
> not drink the Web 2.0 Kool-Aid; it's not acceptable to them that an
> adversary can so easily break the secure channel.

What would you suggest instead?

> For the second point, and as a security architect, I regularly reject
> browser-based apps that operate on medium and high value data because
> we can't place the security controls needed to handle the data. The
> browser based apps are fine for low value data.
>
> An example of the lack of security controls is device provisioning and
> client authentication. We don't have protected or isolated storage,
> browsers can't safely persist provisioning shared secrets, secret
> material is extractable (even if marked non-extractable), browsers
> can't handle client certificates, browsers are more than happy to
> cough up a secret to any server with a certificate or public key (even
> the wrong ones), ...

So you would like physical storage on disk to be segmented by eTLD+1 or
some such?

As for the certificate issues, did you file bugs? I think there
definitely is interest in making the web suitable for this over time. It
would help if the requirements were documented somewhere.

--
https://annevankesteren.nl/
Received on Monday, 16 February 2015 17:31:17 UTC
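The "Pinning with Overrides" draft Walton refers to, modelled as an added example (not code from this thread or from any browser): pin computation, Public-Key-Pins header parsing, the backup-pin rule a UA checks before noting a host's pins, and the local-trust-anchor override that exempts a chain from Pin Validation. The SPKI byte strings are constructed stand-ins, not real DER.

```python
# Added illustration of draft-ietf-websec-key-pinning (later RFC 7469) pin handling,
# standard library only. SPKI values are constructed stand-ins, not real DER.
import base64
import hashlib

# Constructed SubjectPublicKeyInfo stand-ins for a leaf, its issuer and an offline backup key.
LEAF_SPKI = b"constructed-spki-leaf"
ISSUER_SPKI = b"constructed-spki-issuer"
BACKUP_SPKI = b"constructed-spki-backup-key-held-offline"


def spki_pin(spki_der):
    """pin-sha256 value: base64(SHA-256(DER-encoded SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value):
    """Split a Public-Key-Pins header into its pins, max-age and includeSubDomains flag."""
    pins, max_age, include_sub = [], None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "pin-sha256":
            pins.append(val)
        elif name == "max-age":
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": include_sub}


def may_note_pins(header, chain_spki):
    """A UA only notes (records) a host's pins when the header has a max-age, at least
    one pin matches a key in the validated chain, and at least one backup pin matches
    nothing in the chain, so the site can recover if its live key is lost."""
    parsed = parse_pkp_header(header)
    chain_pins = {spki_pin(s) for s in chain_spki}
    matched = [p for p in parsed["pins"] if p in chain_pins]
    backups = [p for p in parsed["pins"] if p not in chain_pins]
    return parsed["max_age"] is not None and bool(matched) and bool(backups)


def pin_validation(chain_spki, noted_pins, anchor_is_user_installed):
    """True if the connection passes Pin Validation. The override Walton objects to is
    the first branch: the draft permits a UA to skip validation for chains that end in a
    locally installed (user-defined) trust anchor, e.g. an interception proxy's CA."""
    if anchor_is_user_installed:
        return True
    return any(spki_pin(s) in noted_pins for s in chain_spki)
```

A chain signed by a user-installed CA therefore passes even when none of its keys match the noted pins, which is the "easily break the secure channel" property the thread argues about.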