From kfm-devel Sat Dec 05 08:31:34 2009
From: Eduardo Robles Elvira
Date: Sat, 05 Dec 2009 08:31:34 +0000
To: kfm-devel
Subject: Re: Presentation of a new Khtml project (and Problems with
Message-Id: <9e2d3ad60912050031p5a0ff459je49aa1e24d1e7988 () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=kfm-devel&m=126000194332330

On Fri, Dec 4, 2009 at 7:50 PM, Rigo Wenning wrote:
> Hi all,
>
> I did GPG security for HTML pages in 1999 for the German federal
> constitutional court and it was a hack.
>
> The correct way to do it is to use the xhtml serialization and to use XML
> Signature. This is of interest to me. If we get sufficient support, I can see
> how we can help with it from W3C's perspective.
>
> Best,
>
> Rigo Wenning

Hello Rigo,

I didn't know about XML Signature [1]: it seems to be a good way to create encrypted/signed documents. XML Signature is the envelope for encrypted/signed data, but that part I think should be up to the developer of the website.

To continue with the envelope analogy, what I feel is important here is not the envelope itself nor the data it contains, but how securely it was generated. It should have been written in a secure room with no windows whose sole purpose is writing text with a secure "enigma" machine. The user of that room knows that the room is secure and thus is confident that no one but his recipient will be able to read what he is writing. When he gets out of the room, he hands the written cyphered text to the mailman and that's it.

The secure room would be the encrypted input element, which the user knows is secure because of the visual hints of the browser which let the user know that it's actually secure. The enigma machine would be the cypher method you would be using, GPG for example. Both things would be provided by the user's web browser and thus if the user trusts his web browser he then trusts the secure room and the enigma machine.

Also, the room is secure because it's impossible to access the input element value unencrypted or to change it: if you try to access its value it will be encrypted. If you try to modify the value, it won't work (only the user can do it, and even if it worked you could only change the encrypted value, not the plain text). The recipient of the text can only be set once, and the user can see it by clicking on the padlock (probably I should also show it in the status bar on mouse over and when the input/textarea has the focus to make it perfectly clear).

By the way, did you know about WebPKI [2]? It's similar to XML Signature. It's not a W3C draft but a researcher's proposal, but it provides something closer to what I want: a means to generate signed HTML code. So it differs from XML Signature in that it provides a workflow for generating the signed document: the user is shown a signature request for a document, then the user can sign it, and then the signed document is generated and sent, all done by the web browser too. The problem I see with WebPKI is that it doesn't provide a way to generate encrypted data and even if it did, it's not designed to do so. It's more like a way to ask the user for his signature for something generated by the server than anything else. So it doesn't provide a secure room where the user can write anything he wants without anyone else spying on him, but instead it's a secure room in which he is given a written text which he can securely stamp his signature on.

So has anything similar to this been done? Certainly. You yourself seem to have done it ten years ago, but even now there's a Firefox extension (damn it, there's always a Firefox extension, isn't there? :P) called FireGPG [3] whose aim is very similar to mine. By using right click -> Encrypt/Decrypt you can encrypt or decrypt any text in a textarea. It also has support for its own type of plugins for modifying existing websites to add better integration of this in them (mainly, gmail). It even has its own Javascript API for doing all this, and that part is quite interesting. But it doesn't seem to provide an HTML tag or attribute to mark a textarea or input element as "encrypted". On the other hand, FireGPG already exists and works, and it's a good starting point for implementing support for what I'm working on in Firefox too. I will probably drop an email to them to let them know about my project =).

Regards,
Eduardo Robles Elvira.

--
[1] http://www.w3.org/TR/xmldsig-core/#sec-PGPData
[2] http://webpki.org
[3] http://getfiregpg.org/