From 096d1475ec72b98e716e9779a40aaad97e26ea80 Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Thu, 17 Oct 2019 16:46:06 -0400 Subject: [PATCH 1/3] Add security note about certificates and postMessage. --- webrtc.html | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/webrtc.html b/webrtc.html index 48f2c65fb..aa990e513 100644 --- a/webrtc.html +++ b/webrtc.html @@ -12936,6 +12936,11 @@

Confidentiality of Communications

A mechanism, peerIdentity, is provided that gives Javascript the option of requesting media that the same javascript cannot access, but can only be sent to certain other entities.

+

Communication certificates may be opaquely shared with + postMessage in anticipation of future needs. User agents are + encouraged to not directly hold private keying material in these shared + objects, or limit sharing to the same origin, to reduce memory attack + surface.

Persistent information exposed by WebRTC

From b9da44b5182fcb40f9c735949c7c181c073fd0c2 Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Mon, 21 Oct 2019 18:45:57 -0400 Subject: [PATCH 2/3] s/with/using/ postMessage --- webrtc.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webrtc.html b/webrtc.html index aa990e513..d42592656 100644 --- a/webrtc.html +++ b/webrtc.html @@ -12936,7 +12936,7 @@

Confidentiality of Communications

A mechanism, peerIdentity, is provided that gives Javascript the option of requesting media that the same javascript cannot access, but can only be sent to certain other entities.

-

Communication certificates may be opaquely shared with +

Communication certificates may be opaquely shared using postMessage in anticipation of future needs. User agents are encouraged to not directly hold private keying material in these shared objects, or limit sharing to the same origin, to reduce memory attack From 9352a2494fd74a1c7a18972dbaaeab24fb4532ec Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Wed, 4 Dec 2019 14:13:10 -0500 Subject: [PATCH 3/3] Strengthen normative prose around a [[KeyingMaterialHandle]] --- webrtc.html | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/webrtc.html b/webrtc.html index d42592656..7ff505cb4 100644 --- a/webrtc.html +++ b/webrtc.html @@ -5333,8 +5333,13 @@

Methods

origin.

  • -

    Set certificate.[[\KeyingMaterial]] to - generatedKeyingMaterial.

    +

    Store the generatedKeyingMaterial in a + secure module, and let handle be a reference + identifier to it.

    +
    • +
  • +

    Set certificate.[[\KeyingMaterialHandle]] to + handle.

  • Set certificate.[[\Certificate]] to @@ -5378,7 +5383,8 @@

    RTCCertificate Interface

    The RTCCertificate interface represents a certificate used to authenticate WebRTC communications. In addition to the visible properties, internal slots contain a handle to the - generated private keying materal ([[\KeyingMaterial]]), a certificate + generated private keying materal ([[\KeyingMaterialHandle]]), + a certificate ([[\Certificate]]) that RTCPeerConnection uses to authenticate with a peer, and the origin ([[\Origin]]) that created the object.

    @@ -5443,14 +5449,15 @@

    Methods

    For the purposes of this API, the [[\Certificate]] slot contains unstructured binary data. No mechanism is provided for - applications to access the [[\KeyingMaterial]] internal slot. + applications to access the [[\KeyingMaterialHandle]] internal + slot or the keying material it references. Implementations MUST support applications storing and retrieving - RTCCertificate objects from persistent storage. - In implementations where an RTCCertificate might not - directly hold private keying material (it might be stored in a - secure module), a reference to the private key can be held in - the [[\KeyingMaterial]] internal slot, allowing the - private key to be stored and used.

    + RTCCertificate objects from persistent storage, in a manner + that also preserves the keying material referenced by + [[\KeyingMaterialHandle]]. + Implementations SHOULD store the sensitive keying material in a secure + module safe from same-process memory attacks. This allows the private + key to be stored and used, but not easily read using a memory attack.

    RTCCertificate objects are serializable objects [[!HTML]]. Their serialization steps, given value and serialized, are:

    @@ -5467,9 +5474,10 @@

    Methods

    a copy of the unstructured binary data in value.[[\Origin]].
    • -
  • Set serialized.[[\KeyingMaterial]] to a serialization - of the private keying material represented by - value.[[\KeyingMaterial]].
    • +
  • Set serialized.[[\KeyingMaterialHandle]] to a + serialization of the handle in + value.[[\KeyingMaterialHandle]] (not the + private keying material itself).

    • Their deserialization steps, given serialized and @@ -5485,8 +5493,9 @@

    Methods

  • Set value.[[\Origin]] to a copy of serialized.[[\Origin]].
    • -
  • Set value.[[\KeyingMaterial]] to the private key material - resulting from deserializing serialized.[[\KeyingMaterial]]
    • +
  • Set value.[[\KeyingMaterialHandle]] to the + private keying material handle + resulting from deserializing serialized.[[\KeyingMaterialHandle]].

    • Supporting structured cloning in this manner allows RTCCertificate instances to be persisted to stores. It @@ -12938,9 +12947,9 @@

    Confidentiality of Communications

    access, but can only be sent to certain other entities.

    Communication certificates may be opaquely shared using postMessage in anticipation of future needs. User agents are - encouraged to not directly hold private keying material in these shared - objects, or limit sharing to the same origin, to reduce memory attack - surface.

    + strongly encouraged to isolate the private keying material these objects + hold a handle to, from the processes that have access to the + RTCCertificate objects, to reduce memory attack surface.

    Persistent information exposed by WebRTC