28468 2015-04-12 07:18:28 +0000 Protected Document Exchange spec is broken, suggests only document encryption instead of using signatures (using the Authors Private Key, not the Servers) inside encryption to prevent Content altering 2016-04-27 21:05:40 +0000 1 1 1 Unclassified HTML WG HTML5 spec unspecified PC Linux RESOLVED WONTFIX https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#protected-document erratum P2 enhancement --- 1 obscurity0072 dave.null arronei mike public-html-admin public-html-wg-issue-tracking public-html-bugzilla oldest_to_newest 119442 0 obscurity0072 2015-04-12 07:18:28 +0000 In my honest opinion it is risky to solely trust on a TLS Connection to achieve full transport layer security. Imagine an Attacker gathers access to the Servers Domain / DNS-Entries, Server Hardware (the content signing Private Keys SHOULD NEVER BE placed directly on the Server to lower a complete Security Breach) or successfully executes a similar Attack. Exchanged Document SHOULD BE signed by the author and verified by the requesting Party. The Signature (using the servers own Private Key) SHOULD BE added to the Plaintext, otherwise (adding it outside the encryption) it may be manipulated when the connection is compromised. Allow me to suggest the following Procedural Improvements: Server 1. Content is signed with the Authors Private Key and available on the server, ready to be further processed 2. A random one-time encryption key is ... ... generated ... ... signed using the servers Private Key ... ... and encrypted with the User Agents Public Key 2. Content and Signature are encrypted using the previously generated one-time encryption key resulting as the Ciphertext 3. Signed & encrypted one-time encryption Key and Ciphertext are sent to the User Agent via TLS User Agent 1. Receives Signed & encrypted one-time encryption Key and Ciphertext 2. User Agent decrypts one-time encryption Key and verifies Signature (Servers Public Key) 3. Try to decrypt the Ciphertext with the previously decrypted key, when the signature verification (Authors Public Key) was successful 4. Verify signature found in the Ciphertext - Continue ONLY, when verification was successful 5. Display Document 126223 1 arronei 2016-04-27 21:05:40 +0000 HTML5.1 Bugzilla Bug Triage: Incubation needed This bug constitutes a request for a new feature of HTML. The current guidelines [1], rather than track such requests as bugs or issues, please create a proposal outlining the desired behavior, or at least a sketch of what is wanted (much of which is probably contained in this bug), and start the discussion/proposal in the WICG [2]. As your idea gains interest and momentum, it may be brought back into HTML through the Intent to Migrate process [3]. [1] https://github.com/w3c/html#contributing-to-this-repository [2] https://www.w3.org/community/wicg/ [3] https://wicg.github.io/admin/intent-to-migrate.html