Re: Agenda: <keygen> being destroyed when we need it from Melvin Carvalho on 2015-09-02 (www-tag@w3.org from September 2015)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 2 Sep 2015 16:12:07 +0200
To: Wendy Seltzer <wseltzer@w3.org>
Cc: Tim Berners-Lee <timbl@w3.org>, TAG List <www-tag@w3.org>
Message-ID: <CAKaEYhKDzKH_BjwJDeNRpWRZaS1D-mhkDA9mjYRAcEz+G13-8g@mail.gmail.com>

On 2 September 2015 at 14:15, Wendy Seltzer <wseltzer@w3.org> wrote:

> On 09/02/2015 04:06 AM, Melvin Carvalho wrote:
> > On 1 September 2015 at 16:08, Tim Berners-Lee <timbl@w3.org> wrote:
> >
> >> Folks
> >>
> >> There is a strong move my Google chrome team followed by Firefox to
> remove
> >> the <keygen> tag from HTML5.   This has been done without an issue being
> >> raised in the WHATWG  or HTMLWG apparently.
> >>
> >> <keygen> is important because it allows authentication systems to be
> build
> >> in a distributed manner. It allows any Mom and Pop shop place to share
> >> public keys for people they trust.    For example, MIT uses it to create
> >> secure relationship with faculty and staff, and I use it for friends and
> >> family.
> >>
> >> Public key asymmetric crypto is generally so much stronger than the
> >> password-based authentication.  It requires certificate management code
> to
> >> be written.
> >>
> >
> > IMHO we need an area of the browser under a user's control
>
> That seems like a different, and more interesting requirement than
> "keygen."
>

[sorry gmail sent previous mid flow]

keygen puts a keypair/certificate into an area of the browser (chrome) that
is under user control, in the sense that the key material is protected from
downloaded javascript, but the user has

- ability to manage the key/certificate (view / import / export)
- ability to choose when this key is used


>
> Keygen was a poorly designed, inconsistently implemented feature, that
> many sophisticated users and developers found confusing. If we can
> instead define what features we want to be able to build, and what they
> depend on that's not provided by WebCrypto, and think about how we can
> enable users to access these features without opening themselves up to
> be phished or tracked, that feels like a more productive avenue for
> discussion than "bring back keygen".
>

I there are good UIs already implemented in most browsers, for example, for
sharing location.  Your location is under your control, but you can choose
when you want to share it.

Similarly, if keygen were able to do something similar with a keypair and
minimal identity atributes e.g.

- public key
- signing a challenge to authenticate
- avatar
- url
- name

Which is a summary of the fields in an X.509 data structure, I think that
would be idea.  By giving the user choice of which sites to share their
details with, like with location, you prevent some attacks.


>
> --Wendy
>
>
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>
>

Received on Wednesday, 2 September 2015 14:12:37 UTC