Re: [http-auth] [saag] re-call for IETF http-auth BoF
Nico Williams <nico@cryptonector.com> Tue, 07 June 2011 02:30 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E592C11E8082 for <http-auth@ietfa.amsl.com>; Mon, 6 Jun 2011 19:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r7Oi6Pm9lKRD for <http-auth@ietfa.amsl.com>; Mon, 6 Jun 2011 19:30:35 -0700 (PDT)
Received: from homiemail-a35.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83]) by ietfa.amsl.com (Postfix) with ESMTP id 42C3611E8080 for <http-auth@ietf.org>; Mon, 6 Jun 2011 19:30:35 -0700 (PDT)
Received: from homiemail-a35.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a35.g.dreamhost.com (Postfix) with ESMTP id 075D454078 for <http-auth@ietf.org>; Mon, 6 Jun 2011 19:30:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=sEynoOrdAg2OcM6ds23NQ 5JVeo7013gS4Wkv5H3vXBqMonBiH1z9VIR5pI+VttXzTafkMQ/A1/2WbN1Ix4+7H CsnbZHLYVlvMXM4u8DcxtnEbDCynW0x54ZZPO+qboY6QnYznxKexyRDn0ahCKggk aOJbAylXV3XD/DSGTFWASs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=Tt6o6BfdPjfNiChJzuoY tC49YQM=; b=w3E5okuGEdYL0iPbh2ZhazDX7n6i7VYXwdKVbNUwi4axk//nebZ2 xRCMpKYSuGXz/e7lFTdK2PEpDMo3SJXQWvM+3DqQ+dEIJlhMTF8VDnJtfvmi951c Ao95qzfNlCJFM5WpLK5dPNvUognb6ltDVgng7U2mvuIlf0G03CiFdxc=
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a35.g.dreamhost.com (Postfix) with ESMTPSA id E8B5F54077 for <http-auth@ietf.org>; Mon, 6 Jun 2011 19:30:34 -0700 (PDT)
Received: by pzk5 with SMTP id 5so2470125pzk.31 for <http-auth@ietf.org>; Mon, 06 Jun 2011 19:30:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.20.137 with SMTP id n9mr38040pbe.121.1307413834593; Mon, 06 Jun 2011 19:30:34 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Mon, 6 Jun 2011 19:30:34 -0700 (PDT)
In-Reply-To: <4DED8A12.7020305@extendedsubset.com>
References: <878vtgfbs1.fsf@bluewind.rcis.aist.go.jp> <A89D85D0-00AB-4F21-8841-6707E9CDCFC4@gmx.net> <BANLkTind5rg-tOZJ+B2ocD_s=9_-rufH5Q@mail.gmail.com> <4DED55C5.1010306@extendedsubset.com> <4DED6EC9.4040300@cs.tcd.ie> <4DED8A12.7020305@extendedsubset.com>
Date: Mon, 06 Jun 2011 21:30:34 -0500
Message-ID: <BANLkTinvsOtSq=TcoN=MKNn1RjSO-UGUTQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Marsh Ray <marsh@extendedsubset.com>
Content-Type: text/plain; charset="UTF-8"
Cc: http-auth@ietf.org
Subject: Re: [http-auth] [saag] re-call for IETF http-auth BoF
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2011 02:30:36 -0000
On Mon, Jun 6, 2011 at 9:16 PM, Marsh Ray <marsh@extendedsubset.com> wrote: > On 06/06/2011 07:20 PM, Stephen Farrell wrote: >> On 06/06/11 23:33, Marsh Ray wrote: >>> Don't worry about it, they're not going to work even that well. >> >> Just trying to understand this. Why won't what work well? > > Well you can probably make the math more efficient. You could certainly > improve on the crypto handling ability of a language like Javascript which > has neither secure memory overwrite nor constant time comparison operations. > > But is there any plausible attack scenario where crypto in the web page adds > meaningful security? > > I don't think so. Either: > > A. TLS is correctly securing the connection, in which case you could just as > easily ship the plaintext to the server, or > > B. TLS is not present or ineffective, in which case it's the attacker who > controls what script is running in the page to such an extent that it's not > even worth discussing distinctions in the degree of the compromise. I.e., > pwned. Exactly. There is, however, a third possibility: code signing. That is, we could have a script (and, for that matter, HTML document) signing mechanism, then browsers could trust signed code even if not delivered over TLS. Note though: I'm not advocating code signing. On the web code changes much too often, for one. But the biggest problem is that you'd have to make sure that there's no leakage of untrusted bits into a page such that trusted code could be subverted to perform actions that it should not. Web pages nowadays consist of a great many objects that have to be fethced via HTTP -- this means that code signature verification for all of them would be akin to using HTTP/1.0 (i.e., not pipelining) and TLS w/o session resumption, in that an asymmetric crypto operation would be required for each object. That's a lot of asymmetric crypto!! In short, I don't think code signing on the web is a terribly practical idea, except, maybe, for generally stable libraries. There's also a fourth possibility: that crypto APIs will be used to access PKCS#11-like tokens (soft or hardware). But the browser, and therefore the user, will never know what a script means to do when using a given key, which means that we couldn't gain much security from this fourth possibility. We're left with the two options that Marsh stated, and which more than one of us explained at the W3C workshop (these are obvious problems), which means that JS crypto will add no security. Nico --
- Re: [http-auth] [saag] re-call for IETF http-auth… Yutaka OIWA
- Re: [http-auth] [saag] re-call for IETF http-auth… Tim
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Harry Halpin
- Re: [http-auth] [saag] re-call for IETF http-auth… Hannes Tschofenig
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Tim
- Re: [http-auth] [saag] re-call for IETF http-auth… Marsh Ray
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Stephen Farrell
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Marsh Ray
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Julian Reschke
- [http-auth] Fwd: re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] [websec] re-call for IETF http-au… Phillip Hallam-Baker
- Re: [http-auth] [websec] re-call for IETF http-au… Alexey Melnikov
- Re: [http-auth] [saag] [websec] re-call for IETF … Peter Gutmann
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [websec] [saag] re-call for IETF … Stephen Farrell
- Re: [http-auth] [websec] [saag] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … KIHARA, Boku
- [http-auth] Fwd: [saag] [websec] re-call for IETF… KIHARA, Boku
- Re: [http-auth] [websec] Fwd: [saag] re-call for … Thomas Roessler
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Peter Gutmann
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Josh Howlett
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Marc Williams
- Re: [http-auth] [saag] [websec] Fwd: re-call for … SHIMIZU, Kazuki
- Re: [http-auth] [saag] [websec] Fwd: re-call for … GOGWIM, JOEL GODWIN
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Nico Williams
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Henry B. Hotz
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yutaka OIWA
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yutaka OIWA
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yaron Sheffer
- Re: [http-auth] [websec] [saag] Fwd: re-call for … Marsh Ray
- Re: [http-auth] [websec] [saag] Fwd: re-call for … Stephen Farrell
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Phillip Hallam-Baker
- Re: [http-auth] [websec] [saag] re-call for IETF … Thomas Fossati
- Re: [http-auth] [websec] [saag] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Henry B. Hotz