- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 7 Sep 2012 11:49:02 -0700
- To: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
- Cc: GALINDO Virginie <Virginie.GALINDO@gemalto.com>, Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>, Arun Ranganathan <arun@mozilla.com>, "estark@mit.edu" <estark@mit.edu>, Mitch Zollinger <mzollinger@netflix.com>
On Fri, Sep 7, 2012 at 10:19 AM, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com> wrote: > I'm fine with Mark's suggested changes. Here is a further condensed version incorporating the spirit of those changes. Mark, do you like this text or would you rather go back to the previous text with smaller tweaks? > > Out-of-Band Key Provisioning > > Web applications may wish to use keys that have been provisioned through means outside the scope of this API. This may include keys that are provisioned through platform-specific native APIs, stored in secure elements such as smart cards or trusted platform modules (TPMs), or individually bound to devices at time of manufacturing. Such keys may, for example, be used to prove the identity of the client to a specific web service. User agents may choose to expose such keys to web applications after implementing appropriate security and privacy mitigations, such as gaining user consent or other out-of-band authorization. > > In this scenario, a web application discovers a pre-provisioned key based on its attributes and uses it to perform authorized cryptographic operations as part of a protocol with a server. The server may utilize knowledge (obtained out-of-band) regarding the key's provisioning to make access control and policy decisions, such as inferring the identity of the user and/or device and customizing its responses based on that. > Thanks for this text, Vijay. I Agree, it definitely reads nicer. One concern though would be the statement "Such keys may, for example, be used to prove the identity of the client to a specific web service." I'm not sure this is a fair or accurate statement, and reflects the general problem of crypto - keys don't prove identities, just that the keys are accessible. The identity is inferred from that access - with the hope/assumption that only the authorized identity has access. I'm not sure if the sentence is essential to the use case, and would suggest just removing it, but in the event there is disagreement, one possible way to restate this would be "Such keys may, for example, be used to assist in identifying a client to a specific web service." This also makes it consistent with the second paragraph, which acknowledges that the protocol merely assists in inferring the identity, rather than proving it.
Received on Friday, 7 September 2012 18:49:29 UTC