W3C

- DRAFT -

SV_MEETING_TITLE

24 Oct 2018

Attendees

Present
Regrets
Chair
SV_MEETING_CHAIR
Scribe
ryo-k

Contents

Why do crypto in TEE? -> Does not expose secrets, less chances of side channel attacks

Other use cases: distributed computing (blockchain), authentication (webauthn), content protection

Hollywood content: You can't watch content that's higher than HD if you don't have hardware robustness

Q: Is security in the browser sufficient? If not, what's the problem?

Exposing TEE as a service and run arbitrary code?

-> user can see the code, transparency

once you're in TEE, you can't get out of it unless explicitly allowed. isolated.

which level of API is going to be exposed?

exposing very fine-grained API might introduce a chance for misprogramming that exposes secrets?

mitigation: enrypted content that go into TEE -> you can't get it out unless re-encrypted

TEE can become an "oracle" that a bad actor can use

If you exposed it as a service, what prevents it from being used by a malicious actor?

Hardware Security WG

-> mostly interested in external devices, not specifically in TEE/TPMs

What's different from WebCrypto?

Is it safe? -> Web browsers are a platform for arbitrary code execution!

there is a difference that TEE is isolated from other programs/OS

q. Is it possible to detect malicious code being injected?

Enhancing WebCrypto API may be a better way to go?

Verify what kind of code that is run on the TEE?

q. Who is the attacker in this case?

The user? The OS?

Bank websites may not want script injected, but the user may want password managers to inject script

Inputs into the trusted environment is coming from an untrusted environment

If you don't give the TEE to securely prompt the user, use the network, ... what's the point of using a TEE?

use case of building a WebAuthn authenticator on a general-purpose computer that has a TEE

one of the difficulties of standardizing a spec like this comes from differences in the capabilities of TEEs

groups to propose to? -> WebAuthn, Web Incubator

Signing code

Identity

CTAP https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/10/24 12:43:37 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)


WARNING: No "Present: ... " found!
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy
        <amy> Present+

No ScribeNick specified.  Guessing ScribeNick: ryo-k
Inferring Scribes: ryo-k

WARNING: No "Topic:" lines found.


WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting


WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]