Hi Vijay, > What would the corresponding W3C statement be? W3C isn't doing a lot of > protocols in the IETF sense. If we define a new browser JS API, what does a > "prefer encryption" stance look like for that case? How about for say a new > version of CSS or HTML? > > I'm all for pervasive security but I'd like to make sure we're completely > clear on what we're trying to achieve.
Good questions, which I'd recast to "What should W3C be doing to prepare for and encourage a confidential Web?" We could support transport-layer encryption. For example, in several groups, the conversation has started on preferring or requiring secure/authenticated origins for powerful Web features,[1] which would have the effect of encouraging sites to offer encryption, as well as giving the user greater assurance that only authenticated endpoints could access potentially sensitive features. We could support application-level encryption, as the WebCrypto API[2] does. We could look at other threats to security and privacy of Web usage, such as incomplete isolation of elements with different trust levels (e.g. WebAppSec's Mixed Content spec[3]). The IAB's reference to information leakage and unwanted linkage between connections also suggests that we look deeper for ways to mitigate fingerprinting risks[4]. --Wendy [1] http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features [2] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html [3] http://www.w3.org/TR/mixed-content/ [4] https://w3c.github.io/fingerprinting-guidance/ > > -----Original Message----- > From: Wendy Seltzer [mailto:wselt...@w3.org] > Sent: Friday, November 14, 2014 11:51 AM > To: public-web-security@w3.org > Subject: Fwd: IAB Statement on Internet Confidentiality > > The IETF IAB issued this statement today: > ... >> Newly designed protocols should prefer encryption to cleartext operation. > ... >> We recommend that encryption be deployed throughout the protocol stack >> since there is not a single place within the stack where all kinds of >> communication can be protected. > ... > > Should W3C make a similar effort to support pervasive encryption? > (I supported this statement as part of the IAB PrivSec program.) > > --Wendy > > > > -------- Forwarded Message -------- > Subject: IAB Statement on Internet Confidentiality > Date: Fri, 14 Nov 2014 04:26:02 -0500 > From: IAB Chair <iab-ch...@iab.org> > To: IETF Announce <ietf-annou...@ietf.org> > CC: IAB <i...@iab.org>, IETF <i...@ietf.org> > > Please find this statement issued by the IAB today. > > On behalf of the IAB, > Russ Housley > IAB Chair > > = = = = = = = = = = = = = > > IAB Statement on Internet Confidentiality > > In 1996, the IAB and IESG recognized that the growth of the Internet depended > on users having confidence that the network would protect their private > information. RFC 1984 documented this need. Since that time, we have seen > evidence that the capabilities and activities of attackers are greater and > more pervasive than previously known. The IAB now believes it is important > for protocol designers, developers, and operators to make encryption the norm > for Internet traffic. Encryption should be authenticated where possible, but > even protocols providing confidentiality without authentication are useful in > the face of pervasive surveillance as described in RFC 7258. > > Newly designed protocols should prefer encryption to cleartext operation. > There may be exceptions to this default, but it is important to recognize > that protocols do not operate in isolation. Information leaked by one > protocol can be made part of a more substantial body of information by > cross-correlation of traffic observation. There are protocols which may as a > result require encryption on the Internet even when it would not be a > requirement for that protocol operating in isolation. > > We recommend that encryption be deployed throughout the protocol stack since > there is not a single place within the stack where all kinds of communication > can be protected. > > The IAB urges protocol designers to design for confidential operation by > default. We strongly encourage developers to include encryption in their > implementations, and to make them encrypted by default. We similarly > encourage network and service operators to deploy encryption where it is not > yet deployed, and we urge firewall policy administrators to permit encrypted > traffic. > > We believe that each of these changes will help restore the trust users must > have in the Internet. We acknowledge that this will take time and trouble, > though we believe recent successes in content delivery networks, messaging, > and Internet application deployments demonstrate the feasibility of this > migration. We also acknowledge that many network operations activities > today, from traffic management and intrusion detection to spam prevention and > policy enforcement, assume access to cleartext payload. For many of these > activities there are no solutions yet, but the IAB will work with those > affected to foster development of new approaches for these activities which > allow us to move to an Internet where traffic is confidential by default. > > > > > -- Wendy Seltzer -- wselt...@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
