[whatwg] Proposal for secure key-value data stores

Jeremy Orlow jorlow at chromium.org
Tue Aug 17 04:00:34 PDT 2010

On Tue, Aug 17, 2010 at 12:03 AM, Evan Ireland <eireland at sybase.com> wrote:

> One of our key concerns is with Web SQL Database API (which we prefer) or
> Indexed Database API.
> I might wish to build an offline web application which will refuse to
> operate if the browser cannot guarantee that the database is encrypted. Now
> full-disk encryption would be fine (if the O/S has a power-on password),
> but
> how can my web application author detect (using a JS API) if any data
> stored
> in a browser's database is in fact encrypted (or not)?
> Such uncertainty might force us (as a vendor) to have to develop
> platform/browser-specific plugins to provide an alternative implementation
> of the database API so we can be confident that database storage is secure.

Knowing whether the platform (whether platform means the OS or the browser)
is encrypting things for you is a very different use case.  I definitely
think exploring it (maybe in a new thread) has merit.

On Tue, Aug 17, 2010 at 12:31 AM, Dirk Pranke <dpranke at chromium.org> wrote:

> On Mon, Aug 16, 2010 at 3:58 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Tue, 30 Mar 2010, Dirk Pranke wrote:
> >>
> >> Nicholas is almost certainly discussing the case where the service
> >> provider requires any data stored on a customer's computer to be
> >> encrypted, not the provider's own computers. (e.g., this could be a
> >> Yahoo! policy that data stored on Yahoo! users' computers must be
> >> encrypted).
> >>
> >> Hence they cannot enforce anything like "use FileVault".
> >
> > If you can't enforce whole disk encryption, but you are concerned that an
> > attacker could have access to your machine, it seems that there is no
> > solution, since an attacker could just install a rootkit and then carry
> > out arbitrary attacks remotely, including simply replacing the browser
> > with one that intercepts all the user's data as it is written.
> >
> While it is true that it would not defend against all attacks, it will
> still defend against some classes of attacks (e.g. casual snooping),
> and may still be valuable.

Adding API surface area to defend against "casual snooping" seems a
bit ridiculous/overkill to me.  Especially when web apps can do this in JS
today if they really wish.
