169
edits
CloudServices/Notifications/Meetings/2011-03-03-Crypto: Difference between revisions
Jump to navigation
Jump to search
CloudServices/Notifications/Meetings/2011-03-03-Crypto (view source)
Revision as of 21:45, 4 March 2011
, 4 March 2011→Problems and Solutions
| Line 10: | Line 10: | ||
* '''Problem''': Service providers (i.e. web apps) will want to be sure that decryption keys are securely stored on the client. | * '''Problem''': Service providers (i.e. web apps) will want to be sure that decryption keys are securely stored on the client. | ||
** '''Solution''': Seems to be more of an OS problem. Should use a keychain to store keys if available. If someone has access to your computer you're hosed anyway. | ** '''Solution''': Seems to be more of an OS problem. Should use a keychain to store keys if available. If someone has access to your computer you're hosed anyway. | ||
* '''Problem''': If a service provider gets compromised (i.e. all of their tokens and public keys are exposed) then attacker can spam all tokens. This is a very bad possibility. | |||
** '''Solution''': Provide a mechanism to disable subscriptions. There are two possibilities here: | |||
*** Force web apps to acquire an api key, and have Mozilla be a central authority for handing out these keys. If a developer needs to pull the plug, they can disable the key. Personal notification servers will have to poll a blacklist to see which keys are disabled. | |||
*** Simply provide a mechanism for web apps to terminate subscriptions. This can send a notification to clients telling them to delete the subscription from their list of keys, and alerting the user to the termination. | |||
** '''Note''': There was a lot of debate over what should be done regarding this possible situation. Having Mozilla be a centralized authority is somewhat undesirable, but in the situation when a web app is compromised and it has had all its tokens/keys deleted by the attacker means that the web app would have no way of revoking each token individually. Is this something we need to sacrifice decentralization over increased security (but as well a higher maintenance cost?). At the end of the meeting, this was still an open issue. | |||
== Recommendations == | == Recommendations == | ||