[whatwg] Proposal for secure key-value data stores

Mikko Rantalainen mikko.rantalainen at peda.net
Tue Dec 7 04:16:14 PST 2010


2010-12-01 21:43 EEST: Aryeh Gregor:
> On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson <ian at hixie.ch> wrote:
>> It cannot, and should not. It's a user concern. If as a user I want all
>> data that you send me to be printed unencrypted and dropped out of my
>> office window for anyone to read, then I should be allowed to do that. :-)
> 
> It's legitimate for an organization to require people to handle data
> in a certain way if they want web access to it.  For instance, a
> company could reasonably require that if users want to work from home,
> they have to obey certain security practices to avoid leaking private
> data -- e.g., information about the company's clients or users that
> might be protected by privacy laws or company privacy policies. [...]

If a company or any other entity deals with data that must not be
leaked, they definitely should not allow any random (home or other)
workstation to access the data. Either the user using the workstation is
able to decide by himself that the workstation is secure enough or the
user cannot use the workstation for secure stuff at all.

Even, if we had a hypothetical "secure" workstation that is based on
signed binary executed by BIOS (or some other firmware boot method) and
only that binary will only execute other signed binaries, the
workstation cannot be guaranteed to be safe. If the user cannot inspect
that the hardware has not been temped with, there's no way to make sure
that the environment is safe. (There could be an extra hardware
component that makes the hardware unsafe - for example, a hardware
keylogger inserted between keyboard and keyboard connector, extra
hardware soldered on the motherboard that interferes with the memory bus
to hack the hardware or something more obscure. See Xbox 360 hacking for
an example.) In addition to these major issues, there's still the
minor(?) issue of bugs in the software. See security vulnerabilities in
software for examples.

In the end, my point is that there's absolutely nothing an UA could do
to verify that the environment is safe. If somebody claims to do
anything else, beware, he's trying to sell you some snake oil.

-- 
Mikko

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20101207/852607c2/attachment-0002.pgp>


More information about the whatwg mailing list