Re: Agenda: <keygen> being destroyed when we need it

> On 4 Sep 2015, at 14:54, Henry Story <henry.story@co-operating.systems> wrote:
> 
>> 
>> On 2 Sep 2015, at 14:15, Wendy Seltzer <wseltzer@w3.org> wrote:
>> 
>> On 09/02/2015 04:06 AM, Melvin Carvalho wrote:
>>> On 1 September 2015 at 16:08, Tim Berners-Lee <timbl@w3.org> wrote:
>>> 
>>>> Folks
>>>> 
>>>> There is a strong move my Google chrome team followed by Firefox to remove
>>>> the <keygen> tag from HTML5.   This has been done without an issue being
>>>> raised in the WHATWG  or HTMLWG apparently.
>>>> 
>>>> <keygen> is important because it allows authentication systems to be build
>>>> in a distributed manner. It allows any Mom and Pop shop place to share
>>>> public keys for people they trust.    For example, MIT uses it to create
>>>> secure relationship with faculty and staff, and I use it for friends and
>>>> family.
>>>> 
>>>> Public key asymmetric crypto is generally so much stronger than the
>>>> password-based authentication.  It requires certificate management code to
>>>> be written.
>>>> 
>>> 
>>> IMHO we need an area of the browser under a user's control
>> 
>> That seems like a different, and more interesting requirement than
>> "keygen."
>> 
>> Keygen was a poorly designed, inconsistently implemented feature, that
>> many sophisticated users and developers found confusing. If we can
>> instead define what features we want to be able to build, and what they
>> depend on that's not provided by WebCrypto, and think about how we can
>> enable users to access these features without opening themselves up to
>> be phished or tracked, that feels like a more productive avenue for
>> discussion than "bring back keygen".
> 
> I think this is much too harsh on keygen btw. What is happening may be
> that the documentation in the HTML5 was not good enough at explaining how
> it worked. After a discussion on the WhatWG where one key argument against
> keygen turned out that it was insecure because of its use of MD5, and after an off
> list pointer to what the aleged reason of the problem was I wrote a detailed
> response to the WHATWG showing that MD5 has no effect on keygen, and 
> ansuggesting that improved wording of the spec may help diffuse this 
> misunderstanding.
> 
>   https://github.com/whatwg/html/issues/102
> 
> This did not stop the issue being closed within 15 minutes of my opening the
> issue. ( and I seem to be filterd now on the WHATWG mailing list ).

So yes the mail that referenced issue 102 linked to above was filtered and
censored for reasons of "security". This is surreal. A decision for removing
strong security from browsers is made on a mistaken understanding of how the
feature works. Then showing that the alleged security hole is illusory is
considered a potential security risk and is filtered. Here is the link to the 
mail:

  https://lists.w3.org/Archives/Public/public-whatwg-archive/2015Sep/0027.html

I am sorry to mention it, but how can this not make one think of secret courts using secret evidence ( and even secret laws ) ? This requires everyone to completely trust the cryptography experts and makes it then impossible to bring to light the implicit assumptions that are guiding their thinking, and that would perhaps when brought out in the open allow new possibilities to emerge. 

Henry

PS. I verified my position on the irrelevance of MD5 in keygen generated spkac with cryptography experts from openssl. It would be nice if some cryptography experts could at least confirm this here.

> 
> Henry
> 	 	
> 
>> 
>> --Wendy
>> 
>> 
>> -- 
>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
>> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)

Received on Saturday, 5 September 2015 12:06:09 UTC