[whatwg] Proposal for secure key-value data stores

Jonas Sicking jonas at sicking.cc
Wed Apr 7 16:48:12 PDT 2010


On Wed, Apr 7, 2010 at 4:29 PM, Jeremy Orlow <jorlow at chromium.org> wrote:
>> > In regards to data expiration, part of ensuring the security of data is
>> > knowing how long it will be stored on disk. If I let someone borrow my
>> > computer to check their email, and the email client happens to save some
>> > data onto the client, then that person’s data will now be on my disk for
>> > who
>> > knows how long. That represents a data security issue. By allowing an
>> > expiration date to be tied to the data, you can have reasonable
>> > assurance
>> > that the data isn’t just going to be sitting around waiting for someone
>> > to
>> > try and use it.
>> >
>>
>> It is true that not having control over your data could be an issue, but
>> simply
>> embedding expiry into the data may not buy you much to protect it. Insofar
>> as the crypto wouldn't be running in a TPM, it would be easy to reverse
>> engineer
>> it and extract the data; it would also be fairly easy to reset the
>> clock on the device
>> to keep data from being deleted.
>
> One thing that might be interesting is a way to cache large amounts of data
> that are deleted when the browser and/or tab closes.  This might be
> something for the new file system API to consider (hence adding ericu to the
> thread).  But time based controls aren't going to do anything more than give
> perceived security.  (In your use case, expiration doesn't add much actual
> security for the reasons Dirk mentioned.)

I disagree. Having data time out is a good "additional layer" of
security. For example if your laptop gets stolen, then it's much
better if the thief only gets access to the sites you've used the last
24h, than any site you've ever used.

This is why people do things like enforce password changes every X
weeks. Yes, password changing has social downsides, like people
writing down passwords on post-its etc. However those problems do not
seem to apply here.

So I don't think anyone is arguing that expiration is good security in
and of itself. But it is a good (and low cost) way of getting
additional security.

/ Jonas



More information about the whatwg mailing list