Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please require a secure origin (Bug 25972) #28

Closed
mwatson2 opened this issue May 23, 2016 · 84 comments
Closed

Please require a secure origin (Bug 25972) #28

mwatson2 opened this issue May 23, 2016 · 84 comments
Assignees

Comments

@mwatson2
Copy link
Collaborator

Bug 25972 from bugzilla:

As with service workers implementations want to require a secure origin in order to get access to cryptographic functionality. We should make that a requirement in the specification so that implementations do not have to reverse engineer each other.

In particular you want to refer to the origin of http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.html#entry-settings-object

Secure origin is defined by https://w3c.github.io/webappsec/specs/mixedcontent/

Ryan probably knows which flavor of secure origin is to be used here.

@hhalpin
Copy link

hhalpin commented Jun 20, 2016

Add text saying "Developers should use Secure Origins, although this is not strictly required."

@mwatson2
Copy link
Collaborator Author

Discussion on 7/11 call suggest requiring a secure origin, in the stronger sense of requiring the top-level browsing context to be secure.

@mwatson2
Copy link
Collaborator Author

I assume that the secure origin test should be performed as the first step in each WebCrypto method. This would mean that errors due to WebIDL type conversion would still occur on insecure origins, but then you would get the secure origin test failure.

IIUC, Chrome's current implementation does algorithm normalization and possibly other parameter validation before checking for the secure origin.

mwatson2 added a commit to mwatson2/webcrypto that referenced this issue Jul 12, 2016
@mwatson2
Copy link
Collaborator Author

PR #122

@bdhess
Copy link
Contributor

bdhess commented Jul 14, 2016

-1 for requiring a secure origin (though I'm okay with it being recommended).

The "Secure Messaging" use case, for example, doesn't require TLS in order to preserve the privacy of the exchange, so long as only ciphertext is transmitted. Simply put, we don't want the extra roundtrips associated with establishing a TLS session when they are superfluous to the actual security solution, since this leads to a worse end-user experience with no tangible benefit.

@domenic
Copy link

domenic commented Jul 14, 2016

Whatever you do, please do not use the incumbent or entry settings objects here. Current settings object is more correct. See https://readable-email.org/list/public-script-coord/topic/multiple-globals-and-you

@ddorwin
Copy link

ddorwin commented Jul 14, 2016

Looking at https://w3c.github.io/webappsec-secure-contexts/#new, would it be simpler to add [SecureContext] to GlobalCrypto, Crypto, and/or SubtleCrypto?

@domenic
Copy link

domenic commented Jul 14, 2016

That would probably work, although it would have different normative effects than adding a guard. (Adding a guard causes errors at call time, whereas [SecureContext] prevents the interfaces from existing at all.)

@mwatson2
Copy link
Collaborator Author

@bdhess Without a secure origin, you can only make security arguments with respect to passive attackers. An active attacker - one who can modify the pages served to the client - has full access.

Privacy against passive observation is not without value and this is the argument I have used in the past against requiring a secure origin. However, we'd need some evidence that there were users with that use-case as a requirement (my company was one of those, but no longer).

@mwatson2
Copy link
Collaborator Author

@ddorwin Yes, that would seem to me to be simpler and clearer. However the secure context specification recommends both. I am not sure why, since if the interface is only exposed in secure contexts the guard could never fail. @mikewest ?

@bdhess
Copy link
Contributor

bdhess commented Jul 14, 2016

@mwatson2 In our operating environment, there's no sensitive data or PII that's emanating from the client. Ultimately, our use of Web Crypto is entirely to provide security around server-provided assets. So the protection of client-side key material is therefore a concern for us, but as I understand it, out of scope for Web Crypto.

@mikewest
Copy link
Member

Yes, that would seem to me to be simpler and clearer. However the secure context specification recommends both.

Adding the [SecureContext] IDL attribute to the relevant interfaces should indeed be enough. The API won't be exposed in non-secure contexts, and since the state of a context can't change, the explicit guard in the algorithm is redundant (though probably worth noting next to the algorithm in any event). If you're ok with the implications (hiding the interface rather than throwing), then that sounds like a totally reasonable way to address the issue.

mikewest added a commit to w3c/webappsec-secure-contexts that referenced this issue Jul 15, 2016
w3c/webcrypto#28 noted that the current recommendations were confusing
as they suggested both throwing and hiding the interface. This patch
clarifies that either/or is completely acceptable.
@annevk
Copy link
Member

annevk commented Jul 18, 2016

Is it web-compatible to hide the API from insecure contexts? That's the main tradeoff solution-wise.

@mikewest
Copy link
Member

Safari and IE both ship prefixed variants of the crypto.subtle APIs. I imagine developers would have to be feature-detecting anyway if they don't want to error out on those browsers.

@ericroman920
Copy link

Marking with [SecureContext] SGTM.

-1 for requiring a secure origin (though I'm okay with it being recommended).

Note that Chrome already doesn't allow Web Crypto over non-secure origins. So clients needing to support Chrome will have to address this in their implementation regardless.

IIUC, Chrome's current implementation does algorithm normalization and possibly other parameter validation before checking for the secure origin.

Chrome (currently) does the origin check after (most) WebIDL checks on the parameters, but before things like "algorithm normalization", and rejects with NotSupportedError in that case. Hence it is not very consistent as far as what parameters have been processed. Marking with [SecureContext] avoids that problem.

What should happen when structured (de) cloning a CryptoKey into an insecure context? Under the crypto.subtle is hidden model, I presume you could still postMessage a CryptoKey to an insecure context. Is that relevant?

@bdhess
Copy link
Contributor

bdhess commented Jul 25, 2016

@ericroman920

Note that Chrome already doesn't allow Web Crypto over non-secure origins. So clients needing to support Chrome will have to address this in their implementation regardless.

So the contention is, since Chrome has already defined a behavior, there's no point in discussing changes that would make the spec inconsistent with Chrome's present behavior? This seems like a really backwards way of developing community standards. I'm not the first person to object to this behavior:

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972#c6
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972#c20
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972#c22

From the record, it's pretty clear that Chrome came to this decision based on the assumption that there exists no scenario in which there is value in being able to use the Web Crypto API in an insecure context. Including myself, there are at least four commenters who've disputed that.

@annevk
Copy link
Member

annevk commented Jul 26, 2016

I suspect that were you to ask the people that objected to this in the past again, they are probably more agreeable to this now. E.g., Mark commented in this very thread saying so.

Also, the concerns Ehsan raised there were mostly about the original solution easily being bypassed. Secure contexts addresses those concerns. He didn't really state any use cases for Web Crypto in insecure contexts and I don't really think you have clearly done so either.

mwatson2 added a commit to mwatson2/webcrypto that referenced this issue Aug 26, 2016
@mwatson2
Copy link
Collaborator Author

New PR using [SecureContext]: #131

@ericroman920
Copy link

A problem with PR #131 is that it marks window.crypto as [SecureContext].

This means that window.crypto.getRandomValues() is no longer accessible on insecure contexts.

I don't believe we want that change -- getRandomValues() has always been available on insecure contexts.

Instead I propose marking only SubtleCrypto (i.e. window.crypto.subtle) as [SecureContext].

@X-Ryl669
Copy link

(Not totally off topic, IMHO, since Webkit is the new W3C, as far as I'm observing it). Anyway, @varunnaagaraj you are doomed to find another solution without webcrypto as this issue points out, there is no webcrypto on http. And there is no https for localhost, so no webcrypto for you.

@twiss
Copy link
Member

twiss commented Aug 17, 2021

@X-Ryl669 localhost is in fact considered a potentially secure origin, see https://w3c.github.io/webappsec-secure-contexts/. I believe Web Crypto works on localhost in most browsers.

@X-Ryl669
Copy link

Well sorry, my mistake. I meant local host on your LAN (not 127.0.0.1 or ::1).

@varunnaagaraj
Copy link

Yeah. @twiss is right. Localhost is considered secure. I also checked the originwhitelist and it has been set to allow all content in webcrypto.
@twiss do you happen to know if any polyfill changes can help make it into a secure context?

@pztrick
Copy link

pztrick commented Aug 17, 2021

Different considerations apply to a cryptography API and other APIs that don't purport to enable implementation of secure protocols. End users have a particular interest in site developers not being given security footguns and end users interests come above site developers in the priority of constituencies. That's not to say there are no security footguns in the web platform, but the existence of others would not be an argument for introducing another one.

Nevertheless, there are trade offs, as I said, as this is how this one was decided.

I've been monitoring this thread for a long time... I feel like a happy compromise that could resolve many of the complaints in this thread satisfactorily would be to white-list class A, B, C private subnets to use this module (e.g. if you are developing on a VM or other computer on the same LAN network). So allow crypto on local networks like 192.168.0.x, 10.0.0.x, 172.16.0.x and similar.

@stevendesu
Copy link

@pztrick you can’t make assumptions about how routers are configured. Even given that the 192.168.255.255/16 range is reserved by (ICANN? ARIN? I forget which entities control what) - a compromised router may deliver traffic destined to these addresses to any server on the web.

@pztrick
Copy link

pztrick commented Aug 17, 2021

I did say compromise and not perfection. :)

@pztrick you can’t make assumptions about how routers are configured. Even given that the 192.168.255.255/16 range is reserved by (ICANN? ARIN? I forget which entities control what) - a compromised router may deliver traffic destined to these addresses to any server on the web.

My understanding, and correct me if I'm wrong, for removing the crypto API on non-secure hosts is for developers to catch this footgun if for example they develop on localhost and then deploy to a production server serving on http and not https. Removing the usefulness of crypto API methods for other legitimate uses on private networks seems overkill when the use-cases I imagine for delivering apps to users on the wide internet would still hit this limitation deploying to http on public network IPs and so we aren't handing anyone a footgun. A development team will catch that limitation on the public IPs and alter their code/deployment.

On the other hand, if your hostname is accessed over HTTP without HSTS any usage of crypto API is mooted since the malicious party already has control. You're already MITM'd.

@twiss
Copy link
Member

twiss commented Aug 17, 2021

@twiss do you happen to know if any polyfill changes can help make it into a secure context?

@varunnaagaraj Sorry, I'm not sure I understand your question. There's nothing a polyfill or script can do to change whether a context is considered to be secure/trustworthy, no.

@varunnaagaraj
Copy link

Is there any way that I can load a React native application in a secure context itself? I guess I am hitting the below scenario where the app loads in a unsecure context and I open a https url and still it is considered unsecure.
Screen Shot 2021-08-17 at 2 17 35 PM

@varunnaagaraj
Copy link

@twiss do you happen to know if any polyfill changes can help make it into a secure context?

@varunnaagaraj Sorry, I'm not sure I understand your question. There's nothing a polyfill or script can do to change whether a context is considered to be secure/trustworthy, no.

Well what I meant was, PolyfillCrypto basically creates a Proxy reference to all the subtlecrypto api's. Im guessing if this WindowProxy is the reason for the session being termed insecure.
Reference:
https://www.w3.org/TR/html51/browsers.html#the-windowproxy-object
https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy

@twiss
Copy link
Member

twiss commented Aug 18, 2021

The two things are unrelated. A Web Crypto polyfill can provide fallback implementations of crypto operations, but it can't access the native implementation of Web Crypto if the context is insecure. The context being insecure because of an insecure opener that holds a reference via a WindowProxy, can be fixed as is explained further down in the example you saw.

@jonarmani
Copy link

jonarmani commented Jul 4, 2022

end users interests come above site developers in the priority of constituencies

The doctrine you refer to ends: "Of course, it is preferred to make things better for multiple constituencies at once." Let's check on all named constituents:

  1. Users - ✅ more faith in web's security
  2. Authors - ❌ add me to the list of people architecting around this in my own web app
  3. Implementors - ❌ see above comment about added PKI energy and costs
  4. Specifiers - ❌ it just makes w3c look so subservient to Big Tech, it's a bit disgusting
  5. Theoretical Purity - ❌ breaking separation of concerns as this comment and others note

To follow the priority of constituencies would be to help all but one group at once by not requiring secure origin.

@twiss
Copy link
Member

twiss commented Jul 4, 2022

Of course, if it was possible to make both users and authors happy, then we should do that. But that's why the first sentence applies: there's a conflict here, and users are more important than authors (and everything else on the list). It doesn't say that authors + implementors + specifiers + theoretical purity outweigh users. And anyway I don't agree with the last three crosses on that list. IMO more accurate would be:

  1. Users - ✅
  2. Authors - ❌
  3. Implementors - ✅ implementors have indicated they prefer to make Web Crypto available on secure contexts only
  4. Specifiers - ✅ the previous editor and the current editor (me) are in this thread :) And personally I agree with this stance, because...
  5. Theoretical Purity - ✅ ...using Web Crypto on an insecure context is almost always insecure. Allowing its use would give a false sense of security in most cases. And, just because there are other APIs available on insecure contexts, doesn't mean that new ones should be.

The web in general is moving to being HTTPS-only. It's even easier and cheaper today to request a TLS certificate for any website than it was in 2016, thanks to initiatives like Let's Encrypt. For local applications, something like Electron can be used. For IoT devices, rather than hosting the entire web app on the device, I would recommend hosting a web app (or creating an Electron app), and then communicating from that web app with the IoT devices.

If you have some specific use case where you can't use HTTPS, but you believe you nevertheless have a secure application, I would recommend proposing an exception to the Secure Contexts specification instead; then, you can use all APIs that require a secure context in your application, not just Web Crypto. I'm not sure how such an exception would look, as it depends on the exact use case. However, I think this has a better chance of succeeding, if you can somehow show the user (agent) that the origin is secure, as this has the user's experience in mind. Shipping a web application over HTTP (which is nowadays shown by many browsers as insecure) and then somehow trying to convince the user that the application is secure anyway, will always lead to a suboptimal user experience.

@twiss
Copy link
Member

twiss commented Jul 4, 2022

For example, see w3c/webappsec-secure-contexts#60.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 4, 2022

So your proposal is... no solution ?
Right now, the security model on the web is based on a central service that must be connected to to assert their validity. Said differently, you can't, with current web standards, provide a solution to a secure item in your house that's not connected to the internet but to your LAN only. It's not internet (since you can't have a secure local network with this scheme), it's skynet: kill the head (let's encrypt server) and everything collapses.

Hopefully, other people have solved this, and if I take OpenSSH as a example, use a different scheme: security is asserted on first connection and then some cryptographic signature is stored locally for subsequent connections.

Right now, by forbidding browsers to offer a secure webcrypto implementation (one that can be relied upon in JS), you're providing exactly zero value to the world. In HTTPS, you can send whatever crypto code as JS and it'll be secure, you don't need web-crypto. In this situation, webcrypto's only interest is speed, and the main downside is complexity.

If webcrypto were allowed in unsecure context, but with secure guarantees (like for example, being able to store a signature of some server's main script in local storage and have the signature asserted before running the script) you could provide a solution for the local internet issue that many of us are trying to circumvent.

Take the following scenario:

  1. Some gizmo is being powered on.
  2. You connect to them via their access point over HTTP (since they are not connected to the internet)
  3. The server sends a JS script asking to access webcrypto and a token.
  4. The user is prompted to ensure she trusts the device/server.
  5. Webcrypto signs the script and store the signature and the server's token.
  6. Optionally The user changes the device's WIFI connection to join her network, but doesn't provide a gateway
  7. The device connects on the user's WIFI network and gets a local IP address
  8. Upon later connection from the user, when the server sends its webcrypto's script access request again, the token is checked in the localStorage and no prompt is given to the user. Everything is secure from now, the script is certified. Obviously, the script should contain some code to store and retrieve a private key pair in local storage, ciphered with some webcrypto random salt, and use that to initiate a Diffie Helman session key negociation.
  9. If a MITM is trying to impersonate the server, he can't send another script since the signature will fail. He can't get the private key since the local storage's priv key is ciphered and to decipher it, he need to validate the initial signature.
  10. This scheme's default is upon first connection where a MITM can impersonate the first server's query. Since WIFI use this scheme in WPS since years I would say it's an acceptable security risk, a lot better than no security at all and probably as safe as HTTPS is currently.

Your position, as I understand it, is not to allow any kind of innovation in security scheme.
"If something is working, don't try another way to do it", I'm not convinced...

@twiss
Copy link
Member

twiss commented Jul 4, 2022

No, my proposal is to solve this problem in w3c/webappsec-secure-contexts#60, instead of here. In that issue, someone proposed to consider local devices as secure origins if the user has indicated that they're on a private network. To me, that seems like a much simpler solution than what you're proposing, and is not specific to Web Crypto.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 4, 2022

I understand your proposal. But I don't see how it would solve the MITM issue if, suddenly, the LAN address space became a secure context. Since HTTPS security is based on a verification done with an external server (the CA), and on a local address space you can't have a CA, allowing 192.168.1.0/24 to be secure without a CA, means that any device could replace the some other device's web service and scripts by just impersonating/spoofing the other device's IP address.
The MITM device could simply spoof the initial server with his own scripts to capture the credentials or data or whatever, and it would go completely unnoticed.

IMHO, I don't think it can be solved without changing the paradigm for local network: go from a central authority system to a decentralized trust system.

Secure context does not solve the former (I'm probably missing something here?), and you can use web crypto to solve the latter.
I feel like the defect in the webcrypto access is trying to be fixed by a external patch instead of a more natural solution: allow it to run everywhere, don't you think?

But you are right, it's probably not the right place to discuss this proposal.

@twiss
Copy link
Member

twiss commented Jul 4, 2022

But I don't see how it would solve the MITM issue if, suddenly, the LAN address space became a secure context. Since HTTPS security is based on a verification done with an external server (the CA), and on a local address space you can't have a CA, allowing 192.168.1.0/24 to be secure without a CA, means that any device could replace the some other device's web service and scripts by just impersonating/spoofing the other device's IP address.

In the subclause "if the user has indicated that they're on a private network" is hidden the assumption that the user trusts their local network and the devices in it. For example, if you don't trust your own device, HTTPS is also not secure, as malware on your device can MITM that as well.

Considering local devices as secure origins (if the user trusts them) addresses the use case that was brought up as then you can use Web Crypto (and other APIs that require secure origins). At the very least, it's not less secure than allowing Web Crypto to be used on HTTP in general ;)

If you want more security than that, indeed a separate proposal would be needed.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 4, 2022

At the very least, it's not less secure than allowing Web Crypto to be used on HTTP in general ;)

That's true. So why deny it at first ?

@twiss
Copy link
Member

twiss commented Jul 4, 2022

What did I deny, exactly? I never argued against allowing Web Crypto on LAN. I was merely arguing against allowing Web Crypto on HTTP in general.

@robofearth
Copy link

I’ve been following this topic for years and am astounded at those few supporting the requirements for https, regardless of how prevalent it is.

A good encryption library should not rely on having certificates from centralised issuing authorities, when it isn’t needed for that library’s internal logic. That’s insane.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 5, 2022

Ok, so that's where I disagree with you. Webcrypto should be allowed on HTTP, maybe only on LAN, but it should be accessible. Because on LAN, it's not possible to have HTTPS (unless without horrible DNS tricks and an internet connection, so a WAN).
Maybe getting LAN recognized as a secure context is enough for this (and I'm with you if it's your opinion).

However having Webcrypto on HTTP anywhere else (WAN) doesn't decrease security (I think it's the opposite). Because when something needs to be done, it'll be done and we don't live in a world of unicorn and fairies. Without Webcrypto, the result is sending crypto code as unsecure JS, unauthenticated, uncertified. With Webcrypto, at least, the crypto toolbox is standard and secure, and not tempered. The code that's using these web crypto primitives can be modified by a MITM in HTTP unless some addition is added to the proposal/specification.

With few modifications (like I've described above), it can even be made secure against MITM after first contact.

It's not really complex to add, since we already have script's signature checking in browser (with subresource integrity specification), adding a secret per-browser salt token and a dictionary of token=>HMAC(script, secret||token) in local storage and using it before allowing the script to run is few lines of code, the most difficult part is to add a dialog to ask the user if she wants to trust the server initially (but again, we already have those for setting up bad HTTPS certificate exceptions).

As you said, it can be a new proposal, I think it's too small to make a proposal, and I don't think it'll be baked up by Google, that's why I think it should be in this proposal.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 5, 2022

A good encryption library should not rely on having certificates from centralised issuing authorities

A crypto toolbox that's only doing what's already done/required in HTTPS is useless anyway, since you can already use HTTPS to send one to the browser. A crypto toolbox should allow making crypto algorithms and applications ever with a centralized architecture or a decentralized architecture. Right now, the specification is centralized only, since if Let's Encrypt server is DDOS, the whole web will collapse (and no, the fact that there are other CA is not a justification for decentralization, when one actor is free vs paying competitors, it's the main actor).

To allow decentralization of the web, one should not rely on a technology that mandate a unique (or few) hosts to be alive, but instead provide way to trust other & any hosts and a crypto toolbox is mandatory to achieve this. It's a shame that webcrypto doesn't run on HTTP, because this large area of possibilities is denied to us.

@twiss
Copy link
Member

twiss commented Jul 5, 2022

Ok, so that's where I disagree with you. Webcrypto should be allowed on HTTP, maybe only on LAN, but it should be accessible. Because on LAN, it's not possible to have HTTPS (unless without horrible DNS tricks and an internet connection, so a WAN).
Maybe getting LAN recognized as a secure context is enough for this (and I'm with you if it's your opinion).

Yes, that's what I meant. And that's what w3c/webappsec-secure-contexts#60 is :)

As you said, it can be a new proposal, I think it's too small to make a proposal, and I don't think it'll be baked up by Google, that's why I think it should be in this proposal.

Well - at the very least it should be outside of this issue :) As you'll notice this issue isn't even about allowing Web Crypto on insecure origins, it's about allowing Web Crypto on secure origins only. As that has been done, this issue is closed and will never be reopened. So if you want to have an open issue to discuss this stuff in, you should create a new one. But, apart from that, whether Google implements something doesn't depend on whether it's included in a big specification or a small one. And in fact, additions to this standard have to go through incubation, anyway, so you'd have to write a (small) specification anyway. But that's a good thing, not a bad thing - if you just sneak something into an existing specification, without gaining consensus on it, nobody will notice or implement it.

A crypto toolbox that's only doing what's already done/required in HTTPS is useless anyway, since you can already use HTTPS to send one to the browser.

That's not entirely true. Web Crypto can be used to implement end-to-end encryption, which HTTPS can't offer. There are some challenges around trusting the code if you don't trust the origin, but that's again orthogonal to this issue. Additionally, in a web extension (which is also a secure origin), you can use Web Crypto to send encrypted data to a server if you trust the web extension but not the server, for example.

A crypto toolbox should allow making crypto algorithms and applications ever with a centralized architecture or a decentralized architecture. Right now, the specification is centralized only, since if Let's Encrypt server is DDOS, the whole web will collapse (and no, the fact that there are other CA is not a justification for decentralization, when one actor is free vs paying competitors, it's the main actor).

If it's your position that it should be possible to make secure decentralized web apps, then that's reasonable, however, for that you need secure code distribution, which comes before Web Crypto, not after. If you want to have a mechanism where the code is signed and trusted by the user with a trust-on-first-use model, that's potentially possible, but again the "index.html" should then be signed also (and the signature be verified by the browser). If that's implemented, then the origin could be considered as secure, and then Web Crypto could be used there. However, using Web Crypto (which is run by the code of the web app) to verify the code of the web app is not possible.

@X-Ryl669
Copy link

X-Ryl669 commented Jul 5, 2022

That's probably the main point here.

You don't need secure code distribution, unless you consider that the browser's internal code is a distribution. Secure code distribution is what HTTPS is doing and we can safely say it's working well, but it doesn't mean other way to distribute code over unsafe channel won't work. The trust-on-first-use is an example of a secure code assertion over an insecure channel. It requires a secure / non falsifiable tool and web crypto can provide it since it resides in the web browser, not on the code that's sent over the wire. There are other methods to send secure code over an un-secure channel, (typically TLS is one of them too). They all rely on a trusted implementation of some primitive and web crypto should be this implementation.

It's not possible to verify the web app right now on HTTP but it can be made possible with 2 changes to the specifications:

  1. Allowing web crypto everywhere
  2. Allowing a taint mode for security. Once a web page tries to instantiate web crypto, a secret (to the javascript implementation and the server) is generated that's used to verify/sign/assert the content of the web page against a web page's own token. I think you've got that part, so I won't repeat how (that should be part of a new proposal).

So if you think it's worth it, I'll bootstrap another issue, but I don't know if it should be on this repo or on another one.

@7heMech
Copy link

7heMech commented May 5, 2024

Why was this even accepted :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests