W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Mark Nottingham <mnot@mnot.net>
Date: Sun, 21 Dec 2014 08:50:41 +1100
Cc: Marc Fawzi <marc.fawzi@gmail.com>, Tim Berners-Lee <timbl@w3.org>, "Eric J. Bowman" <eric@bisonsystems.net>, Chris Palmer <palmer@google.com>, Melvin Carvalho <melvincarvalho@gmail.com>, Public TAG List <www-tag@w3.org>
Message-Id: <5C517467-A508-40A2-A44E-37160D370F1D@mnot.net>
To: Domenic Denicola <d@domenic.me>
+1 here. This sort of approach isn’t likely to pass the giggle test in any security community, not only because of bootstrapping, but also because of the homemade crypto problem.

WRT “blanket the whole web” — I want to emphasise that the goal here is not to make everyone deploy TLS against their will; it’s to a) make sure that TLS is used for features that expose powerful features, and b) reduce the barrier to entry to using TLS. This gets us to a place where *more* of the Web uses TLS, which means that more private data, behaviour, etc. is protected — and it also means that there’s a stronger ecosystem of crypto-using sites, making things like pervasive monitoring more difficult as well. If a site really wants to use unprotected HTTP and don’t need to use any new powerful features, they’ll still be able to.


> Why are you so intent on reinventing secure transport with WebCrypto? Is this some sort of everything-must-be-JavaScript thing?
> We have a system that works. Use it. Don't reinvent a new one, spend ten years discovering the myriad of flaws, and then another twenty trying to get wide adoption.
> I really see no reason to "help out" with this quixotic campaign.
> -----Original Message-----
> From: Marc Fawzi [mailto:marc.fawzi@gmail.com] 
> Sent: Saturday, December 20, 2014 08:27
> To: Domenic Denicola
> Cc: Tim Berners-Lee; Eric J. Bowman; Chris Palmer; Melvin Carvalho; Mark Nottingham; Public TAG List
> Subject: Re: Draft finding - "Transitioning the Web to HTTPS"
> Domenic
> What Tim laid out is exactly why I'm excited about web Crypto, but you have a point about the initial download of whatever system implemented on top of it. 
> What if the system was built into a Chrome extension and downloaded via https from the Chrome Web Store? I had a chat with the developer behind AdBlock and he actually wrote a script to check periodically to make sure his extension on the Chrome store hasn't been replaced with a non-official version. He said its for potentially rogue employees. He had hired some developer(s) to take over the development of the plugin. In the same way, plugin developers can release sensitive plugins on the chrome web store and users can be sure that they're downloading the valid version (via https) After that, everything Tim said (which is inspiring btw) should be implementable and can work over http. 
> So can we just not go knee-jerk and blanket the web with https when it may only be needed in a few places (assuming web crypto based systems will be developed as built in browser functionality or as plugins downloaded from browser vendor's store?)
> Help us out here!
> Sent from my iPhone
>> On Dec 19, 2014, at 7:51 PM, Domenic Denicola <d@domenic.me> wrote:
>> From: Tim Berners-Lee [mailto:timbl@w3.org] 
>>> Yes, but once the webcrypto code is unpolyfilled into the browser that attack will go away, and you will be able to use it to build new trust systems, right?
>> No, sad to say. Since the network attacker could modify whatever JavaScript code you are using to implement those trust systems, or could even simply insert something like
>> Object.defineProperty(window.crypto, "subtle", {
>> get() {
>>   return new CompletelyFakeWebCryptoImplementation();
>> }
>> });

Mark Nottingham   http://www.mnot.net/
Received on Saturday, 20 December 2014 21:51:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC