Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Divide Security/Privacy Considerations into subsections by audience? #1039

Closed
emlun opened this issue Aug 14, 2018 · 7 comments · Fixed by #1298
Closed

Divide Security/Privacy Considerations into subsections by audience? #1039

emlun opened this issue Aug 14, 2018 · 7 comments · Fixed by #1298
Assignees
@emlun
Labels
priority:low privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. stat:pr-open type:editorial
Milestone
L2-WD-02

Comments

@emlun
Copy link
Member

emlun commented Aug 14, 2018

The Security Considerations and Privacy Considerations sections have grown quite large (9 A4 pages when printed as PDF at the time of writing), and it's not obvious by looking at the table of contents which subsections are relevant to which audiences:

  1. Security Considerations
    13.1. Cryptographic Challenges
    13.2. Attestation Security Considerations
    13.2.1. Attestation Certificate Hierarchy
    13.2.2. Attestation Certificate and Attestation Certificate CA Compromise
    13.3. Security Benefits for WebAuthn Relying Parties
    13.3.1. Considerations for Self and None Attestation Types and Ignoring Attestation
    13.4. credentialId Unsigned
    13.5. Browser Permissions Framework and Extensions
  2. Privacy Considerations
    14.1. De-anonymization prevention measures
    14.2. Anonymous, scoped, non-correlatable public key credentials
    14.3. Authenticator-local biometric recognition
    14.4. Attestation Privacy
    14.5. Registration Ceremony Privacy
    14.6. Authentication Ceremony Privacy
    14.7. Privacy between operating system accounts

Perhaps we should divide them into subsections by audience - maybe something like this?

  1. Implementation Considerations
    1. Security Considerations
      1. Attestation Certificate and Attestation Certificate CA Compromise
      2. credentialId Unsigned
      3. Security Considerations for Authenticators
        1. Attestation Certificate Hierarchy
      4. Security Considerations for Clients
        1. Browser Permissions Framework and Extensions
      5. Security Considerations for Relying Parties
        1. Cryptographic Challenges
        2. Security Benefits for WebAuthn Relying Parties
          1. Considerations for Self and None Attestation Types and Ignoring Attestation
    2. Privacy Considerations
      1. De-anonymization prevention measures
      2. Anonymous, scoped, non-correlatable public key credentials
      3. Authenticator-local biometric recognition
      4. Privacy Considerations for Authenticators
        1. Attestation Privacy
      5. Privacy Considerations for Clients
        1. Registration Ceremony Privacy
        2. Authentication Ceremony Privacy
        3. Privacy between operating system accounts
@emlun emlun self-assigned this Aug 14, 2018
@nadalin
Copy link
Contributor

nadalin commented Aug 14, 2018

@emlun This seems like a lot of work to get done prior to PR, all the information is there or should be there so this seems a readability cleanup issue that may be best if done in next level if we can't make the cutoff point here

@emlun
Copy link
Member Author

emlun commented Aug 15, 2018

Yeah, fair points. It's fine with me if the answer to "should we do this?" ends up being "no".

@equalsJeffH
Copy link
Contributor

this is related to issue #585

@nadalin nadalin added this to the L2-WD-00 milestone Aug 15, 2018
@equalsJeffH equalsJeffH added privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. labels Aug 15, 2018
@emlun
Copy link
Member Author

emlun commented Aug 15, 2018

Consensus on 2018-08-15 WG call was that we would like to do this for L1 if we have time, otherwise punt it to L2.

@emlun emlun modified the milestones: L2-WD-01, L2-WD-02 Feb 20, 2019
@jcjones
Copy link
Contributor

jcjones commented Jun 12, 2019

We're going to try and work this out externally in a Google Doc and then produce a PR.

Anyone who wants to join our crusade, please reach out to @emlun or me.

@jcjones
Copy link
Contributor

jcjones commented Jun 12, 2019

(View-only link: https://docs.google.com/document/d/1IMtYEIllKCIhFe8vVLT6Rp9AQbbHc6LNwaWeR9nqrTM/edit?usp=sharing)

@bdewater
Copy link

One thing that confused me for a moment was the disconnect between these sections:

The biometric section covers only a subset of the user verification section, but it's much more easily found by skimming the table of contents. This may lead a casual reader to wonder whether only biometrics are done locally but a PIN is shared with the RP.

emlun added a commit that referenced this issue Sep 11, 2019
@emlun
Divide security/privacy considerations into subsections by audience
d119478 
Fixes #1039
@emlun emlun mentioned this issue Sep 11, 2019
Merged
equalsJeffH pushed a commit that referenced this issue Sep 20, 2019
@emlun @equalsJeffH
Divide security/privacy considerations into subsections by audience (#…
8ed793f 
…1298)

* Divide security/privacy considerations into subsections by audience

Fixes #1039

* Add editor comment about <span> for old anchor

* Move RP security consideration out from authenticators section
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emlun emlun

Labels
priority:low privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. stat:pr-open type:editorial
Projects
None yet
Milestone
L2-WD-02
Development

Successfully merging a pull request may close this issue.

Divide security/privacy considerations into subsections by audience w3c/webauthn
5 participants
@equalsJeffH @bdewater @jcjones @emlun @nadalin