- From: Adam Roach <adam@nostrum.com>
- Date: Mon, 26 Nov 2018 12:59:14 -0600
- To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, Eric Rescorla <ekr@rtfm.com>
- Cc: Nils Ohlmeier <nohlmeier@mozilla.com>, public-webrtc@w3.org
On 11/25/18 4:16 PM, Sergio Garcia Murillo wrote:
> That the IdP script is trusted, so I don't see any reason why it can't
> handle the keys.

This doesn't make any sense. There's nothing that prevents the domain hosting the application JavaScript from pointing to its own IdP (or an IdP under its control) using setIdentityProvider() -- which has the exact same security properties of handing the key to itself under your proposal.

The IdP is trusted to do one very exact and precise thing. Media key handling is very different than identity assertion.

/a
Received on Monday, 26 November 2018 18:59:50 UTC