W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2015

Re: WebRTC Certificate Management - a plea to NOT use Web Crypto

From: Justin Uberti <juberti@google.com>
Date: Wed, 7 Jan 2015 10:16:58 -0800
Message-ID: <CAOJ7v-21syKJyJPvJz=b=PfOG2ncFpADYcJbjXBy3t+H7Q4RXg@mail.gmail.com>
To: Aymeric Vitte <vitteaymeric@gmail.com>
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Harry Halpin <hhalpin@w3.org>, Ryan Sleevi <sleevi@google.com>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, "public-webrtc@w3.org" <public-webrtc@w3.org>, Richard Barnes <rlb@ipv.sx>
That is Ryan's point #2, IIUC, but he is also putting forth point #1, which
is that a key object is the wrong abstraction for WebRTC to use here;
rather, it should be some form of serializable 'Identity' object, and the
fact that said object would contain a key (at least, at present) is simply
an implementation detail.

The general usage pattern here, for an application that wants key
continuity, would be as follows:

initial setup:
key = RTCGenerateKey();
serialize(key, storage);

placing a call:
key = deserialize(storage);
pc = new RTCPeerConnection({dtlsKeys: key});


On Wed, Jan 7, 2015 at 10:08 AM, Aymeric Vitte <vitteaymeric@gmail.com>
wrote:

> Reading this whole thread It's difficult to know what to think.
>
> Trying to summarize, if I understood correctly, basically Ryan is stating
> that nothing that is specced in WebCrypto does apply to the WebRTC keys, so
> even a WebRTC key compatible with WebCrypto would be of no use since it can
> not use anything from WebCrypto, except exportKey for public keys which is
> a trivial case, and that what is specced intentionnally does not apply to
> some crypto needs such as those of WebRTC, which can look surprising.
>
> Probably a code example about how WebRTC intends to use WebCrypto for the
> keys would be helpful.
>
> Le 07/01/2015 12:01, GALINDO Virginie a écrit :
>
>  Hi all,
>>
>> I am supporting the idea to set up a call between webRTC and Web Crypto
>> folks as suggested by Harry.
>> I think that to move forward the discussion, it would be helpful to
>> understand what are the special requirements that Web RTC keys do require
>> (a pointer to previous discussions would help me at least).
>>
>> We could also envisage to address special requirements in the next Web
>> Crypto WG deliverables, as Web Crypto WG is in the process of rechartering.
>>
>> Regards,
>> Virginie Galindo
>> Chair of Web Crypto WG
>>
>> -----Original Message-----
>> From: Harry Halpin [mailto:hhalpin@w3.org]
>> Sent: mardi 6 janvier 2015 10:31
>> To: Ryan Sleevi; Justin Uberti
>> Cc: Eric Rescorla; Martin Thomson; public-webcrypto@w3.org;
>> public-webrtc@w3.org; Richard Barnes
>> Subject: Re: WebRTC Certificate Management - a plea to NOT use Web Crypto
>>
>>
>>
>> On 01/06/2015 02:24 AM, Ryan Sleevi wrote:
>>
>>> On Mon, Jan 5, 2015 at 4:42 PM, Justin Uberti <juberti@google.com>
>>> wrote:
>>>
>>>> We did talk about it, and my takeaway at the time was that the best
>>>> path forward would be for WebRTC to define its own key-generate
>>>> function, and return an object that was API-compatible with WebCrypto
>>>> (so that we didn't have two different objects in the web platform to
>>>> represent 'key'). As Eric says, this became the basis of the current
>>>> proposal, so you can blame me for any misinterpretation.
>>>>
>>> Without trying to set out blame (since this was a conversation held
>>> with multiple people), I think the important thing to focus on here is
>>> "so that we didn't have two different objects in the web platform to
>>> represent 'key'"
>>>
>>> My original message, and my point of view, is to challenge
>>> 1) the idea that what WebRTC is dealing with is logically a 'key'
>>> 2) the idea that it's a bad thing to have two different objects for
>>> these two different APIs
>>>
>>> Put differently (to avoid both double negatives and ambiguity)
>>> - I do not think that WebRTC is dealing with anything that logically
>>> makes sense to be dealt with at a 'key' level binding
>>> - More importantly, that users and developers are better served by
>>> treating these two different APIs as different objects with different
>>> use cases
>>>
>>> I'm not sure how best to move this conversation forward. I see there
>>> being at least two areas of disagreement on this thread:
>>> - Cullen's assertion that WebRTC serves as a form of a crypto API, and
>>> thus we should strive for alignment
>>> - Richard's assertion that Web Crypto designed CryptoKey to be the
>>> basis for key objects
>>>
>>>  Although the larger question (should WebRTC use WebCrypto) is clearly a
>> WebRTC question, if people in both WebCrypto and WebRTC want to set up a
>> joint teleconference to sort this out, I'm happy to set it up at a time
>> convenient for both parties.
>>
>> In general, it should be expected that other standards in the future
>> build on WebCrypto. That being said, with W3C hat off, I think Ryan's
>> objections in this case make sense but again, we don't want two kinds of
>> 'keys.'
>>
>>            cheers,
>>                 harry
>>
>>> The former is a question for WebRTC WG, the latter is a question for
>>> the Web Crypto WG.
>>>
>>> While these could benefit from more discussion, I think the most
>>> important thing to do would be to keep in mind the priority of
>>> constituencies [1], and in particular, asking how the different
>>> proposed solutions work with developers' expectations. I think a
>>> solution that uses CryptoKey for WebRTC is going to fly in the face of
>>> a lot of expectations, and the only way in which it seems to align is
>>> in theoretical purity (since it provides no practical value to
>>> developers and nominal value for _some_ implementors)
>>>
>>> [1]
>>> http://www.w3.org/TR/html-design-principles/#priority-of-constituencie
>>> s
>>>
>>>  ________________________________
>>   This message and any attachments are intended solely for the addressees
>> and may contain confidential information. Any unauthorized use or
>> disclosure, either whole or partial, is prohibited.
>> E-mails are susceptible to alteration. Our company shall not be liable
>> for the message if altered, changed or falsified. If you are not the
>> intended recipient of this message, please delete it and notify the sender.
>> Although all reasonable efforts have been made to keep this transmission
>> free from viruses, the sender will not be liable for damages caused by a
>> transmitted virus.
>>
>
> --
> Peersm : http://www.peersm.com
> torrent-live: https://github.com/Ayms/torrent-live
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
>
>
Received on Wednesday, 7 January 2015 18:17:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:42 UTC