28468 – Protected Document Exchange spec is broken, suggests only document encryption instead of using signatures (using the Authors Private Key, not the Servers) inside encryption to prevent Content altering

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 28468 - Protected Document Exchange spec is broken, suggests only document encryption instead of using signatures (using the Authors Private Key, not the Servers) inside encryption to prevent Content altering

Summary: Protected Document Exchange spec is broken, suggests only document encryption...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	HTML5 spec (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 enhancement
Target Milestone:	---
Assignee:	This bug has no owner yet - up for the taking
QA Contact:	HTML WG Bugzilla archive list

URL:	https://dvcs.w3.org/hg/webcrypto-api/...
Whiteboard:
Keywords:	erratum

Depends on:
Blocks:

Reported:	2015-04-12 07:18 UTC by Kai Oliver Quambusch
Modified:	2016-04-27 21:05 UTC (History)
CC List:	4 users (show)

See Also:

Attachments

Description Kai Oliver Quambusch 2015-04-12 07:18:28 UTC

In my honest opinion it is risky to solely trust on a TLS Connection to achieve full transport layer security. Imagine an Attacker gathers access to the Servers Domain / DNS-Entries, Server Hardware (the content signing Private Keys SHOULD NEVER BE placed directly on the Server to lower a complete Security Breach) or successfully executes a similar Attack. Exchanged Document SHOULD BE signed by the author and verified by the requesting Party. The Signature (using the servers own Private Key) SHOULD BE added to the Plaintext, otherwise (adding it outside the encryption) it may be manipulated when the connection is compromised.

Allow me to suggest the following Procedural Improvements:

Server
1. Content is signed with the Authors Private Key and available on the server, ready to be further processed
2. A random one-time encryption key is ...
... generated ...
... signed using the servers Private Key ...
... and encrypted with the User Agents Public Key
2. Content and Signature are encrypted using the previously generated one-time encryption key resulting as the Ciphertext
3. Signed & encrypted one-time encryption Key and Ciphertext are sent to the User Agent via TLS

User Agent
1. Receives Signed & encrypted one-time encryption Key and Ciphertext
2. User Agent decrypts one-time encryption Key and verifies Signature (Servers Public Key)
3. Try to decrypt the Ciphertext with the previously decrypted key, when the signature verification (Authors Public Key) was successful
4. Verify signature found in the Ciphertext - Continue ONLY, when verification was successful
5. Display Document

Comment 1 Arron Eicholz 2016-04-27 21:05:40 UTC

HTML5.1 Bugzilla Bug Triage: Incubation needed

This bug constitutes a request for a new feature of HTML. The current guidelines [1], rather than track such requests as bugs or issues, please create a proposal outlining the desired behavior, or at least a sketch of what is wanted (much of which is probably contained in this bug), and start the discussion/proposal in the WICG [2]. As your idea gains interest and momentum, it may be brought back into HTML through the Intent to Migrate process [3].
[1] https://github.com/w3c/html#contributing-to-this-repository
[2] https://www.w3.org/community/wicg/
[3] https://wicg.github.io/admin/intent-to-migrate.html