Closed Bug 978867 Opened 11 years ago Closed 10 years ago

Make WebCrypto compatible with existing Firefox client-PKI support

Categories

(Core :: DOM: Security, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: anders.rundgren.net, Unassigned)

Details

Attachments

(1 file)

The unavailability of this interface greatly reduces the value of WebCrypto. Long-term this deficit will lead to major code duplication issues for IMO no reason at all. There are multiple solutions possible, enclosed is a proposal which shouldn't be hard to implement or make use of.
A few more motives for this update: - It is said that WebCrypto needs a smart card interface. It doesn't, by using a "bridge" of the kind suggested here, the existing smart card including PINs (which also is missing in WebCrypto) can be reused "as is" - Major objections to using HTTPS CCA (Client Certificate Authentication) include no way to influence the GUI like you can for form-based auth and lack of compatibility with web sessions. Yes, there's not even a working logout. The "bridge" solution allows sites creating secure but customized logins that are fully compatible with the rest of the web application.
QA Whiteboard: allstars.chh@mozilla.com,amac@tid.es,anders.rundgren.net@gmail.com,annevk@annevk.nl,brian@briansmith.org,bugzilla@nulltxt.se,ckarlof@mozilla.com,dhylands@mozilla.com,ehsan@mozilla.com,etienne@segonzac.info,gdestuynder@mozilla.com,honzab.moz@firemni.cz,ian
QA Whiteboard: allstars.chh@mozilla.com,amac@tid.es,anders.rundgren.net@gmail.com,annevk@annevk.nl,brian@briansmith.org,bugzilla@nulltxt.se,ckarlof@mozilla.com,dhylands@mozilla.com,ehsan@mozilla.com,etienne@segonzac.info,gdestuynder@mozilla.com,honzab.moz@firemni.cz,ian
Technically the WebCrypto implementation probably only would need to expand the "Key" interface underpinnings so that a Key object either points to the original WebCrypto scheme or to another holding NSS provider and key id.
Did you mean to send this feedback to this mailing list? <http://lists.w3.org/Archives/Public/public-webcrypto-comments/>
This proposal has already been published on the WebCrypto comment list. It didn't got any sanction or support but since no alternatives have been suggested either, I feel pretty safe that this represents a good intermediate step :-) The proposal is also very different to Google's recently introduced U2F scheme so there is no overlap in case Mozilla wants to support U2F (which probably is wise). http://fidoalliance.org/specifications/download A possible next iteration requires a considerably updated platform to run. This version is designed to (among many things) be the core for future web payments: http://webpki.org/papers/PKI/pki-webcrypto.pdf
Component: Security → DOM: Security
Product: Firefox → Core
WebCrypto has pretty much turned out to be a "solution looking for a problem". Google recently recommended a user looking into: http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html I believe this is a more fruitful venue.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
This is also a replacement for WebCrypto: https://bugzilla.mozilla.org/show_bug.cgi?id=1065729
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: