Home

Extending Web Cryptography.

%3CLINGO-SUB%20id%3D%22lingo-sub-482279%22%20slang%3D%22en-US%22%3EExtending%20Web%20Cryptography.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-482279%22%20slang%3D%22en-US%22%3E%3CP%3ECongratulations%20on%20the%20release%20of%20your%20new%20browser%20platform!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20currently%20working%20independently%20on%20an%20open%20source%2C%20non-proprietary%20infrastructure%20called%20the%20Mathematical%20Mesh%20that%20makes%20computers%20easier%20to%20use%20by%20making%20them%20more%20secure.%20My%20question%20for%20the%20development%20team%20is%20what%20are%20the%20security%20challenges%20you%20see%20in%20the%20Web%20that%20you%20would%20like%20to%20see%20addressed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERecognizing%20that%20such%20a%20proposition%20might%20require%20a%20certain%20credentials%2C%20let%20me%26nbsp%3Bintroduce%20myself%3A%20I%20am%20Phillip%20Hallam-Baker%2C%20a%20member%20of%20the%20CERN%20team%20that%20originally%20developed%20HTTP%20and%20the%20Web.%20Since%20then%20I%20spent%2020%20years%20as%20Principal%20Scientist%20at%20VeriSign%20and%20then%20Comodo.%20I%20have%20worked%20with%20many%20members%20of%20the%20Microsoft%20security%20team%20over%20the%20years%2C%20including%20the%20joint%20work%20we%20performed%20on%20WS-Security.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20reason%20for%20approaching%20your%20team%20directly%20is%20that%20for%20the%20past%20five%20years%20I%20have%20been%20looking%20at%20ways%20in%20which%20we%20could%20move%20the%20field%20past%20the%20limited%20repertoire%20of%20cryptographic%20primitives%20established%20by%20PEM%2C%20OpenPGP%20and%20S%2FMIME.%20I%20have%20recently%20begun%20proposing%20this%20work%20in%20IETF.%20While%20I%20will%20be%20meeting%20with%20Microsoft%20employees%20at%20the%20Montreal%20IETF%2C%20that%20does%20not%20happen%20until%20July%20and%20that%20is%20at%20the%20start%20of%20summer%20break%2C%20worst%20possible%20time%20to%20build%20momentum.%20Another%20consideration%20is%20that%20while%20I%20want%20to%20hand%20over%20development%20of%20the%20Mesh%20to%20an%20open%20standards%20body%2C%20the%20IETF%20may%20not%20be%20the%20best%20forum%20to%20choose.%20In%20the%20past%20I%20have%20worked%20in%20W3C%20and%20OASIS%20and%20other%20forums.%20If%20I%20approach%20the%20stakeholders%20through%20IETF%20however%2C%20we%20might%20end%20up%20path%20dependent.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20MESH%20technology%20is%20a%20means%20of%20using%20a%20domain%20name%20and%20an%20encryption%20key%20to%20form%20a%20URI%20that%20may%20be%20converted%20to%20a%20URL%20by%20means%20of%20a%20one%20way%20function.%20In%20layman's%20terms%3A%20Scan%20this%20QR%20code%20and%20the%20browser%20can%20retrieve%20an%20encrypted%20resource%20that%20it%20can%20then%20decrypt%20with%20the%20information%20in%20the%20URI.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20you%20could%20scan%20a%20QR%20code%20on%20an%20invoice%20and%20receive%20a%20machine%20readable%20copy%20for%20your%20bill%20pay%20system.%20But%20the%20system%20is%20entirely%20secure%20end-to-end.%20All%20the%20data%20stored%20in%20the%20cloud%20is%20encrypted.%20Which%20means%20you%20can%20meet%20HIPPA%2C%20GDPR%20requirements%2C%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERight%20now%2C%20I%20am%20implementing%20a%20demo%20of%20this%20code%20in%20a%20proxy.%20But%20it%20would%20be%20a%20lot%20more%20useful%20in%20the%20browser.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20Mesh%20technology%20that%20might%20be%20more%20relevant%20to%20your%20short%20term%20needs%20is%20the%20ability%20to%20mange%20passwords%20and%20share%20them%20between%20devices%20with%20true%20end%20to%20end%20security.%20There%20is%20a%20cryptographic%20technique%20known%20as%20proxy%20re-encryption%20developed%20by%20Mat%20Blaze%20in%20the%20'90%20and%20another%20technique%20called%20split%20key%20generation%20by%20Torben%20Pedersen%20developed%20around%20the%20same%20time%20(both%20out%20of%20patent%20AKAIK).%20It%20isn't%20in%20the%20PEM%20canon%20but%20it%20is%20well%20known%20in%20the%20cryptography%20world.%20This%20allows%20a%20cloud%20service%20to%20serve%20up%20the%20passwords%20to%20all%20the%20connected%20devices%20without%20having%20decryption%20capability%20itself.%20What%20the%20cloud%20service%20can%20do%20however%20is%20prevent%20a%20device%20decrypting%20the%20passwords.%20Which%20allows%20it%20to%20block%20access%20if%20a%20device%20is%20lost%20or%20stolen.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20want%20to%20run%20this%20past%20your%20crypto%20group%2C%20please%20email%20me%20and%20I%20can%20provide%20references%20within%20Microsoft.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20why%20would%20Microsoft%20want%20to%20manage%20passwords%20this%20way%3F%20Well%2C%20Chrome%20was%20developed%20by%20Google%20which%20has%20a%20certain%20approach%20to%20liability%20and%20the%20Microsoft%20I%20have%20worked%20with%20for%20almost%2030%20years%20has%20a%20very%20different%20approach.%20Specifically%2C%20storing%20user's%20passwords%20in%20any%20form%2C%20even%20encrypted%20represents%20a%20'steaming%20pile%20of%20liability'%20as%20a%20Microsofter%20once%20put%20it%2C%20unless%20the%20party%20storing%20the%20passwords%20can%20prove%20that%20they%20had%20absolutely%20no%20means%20of%20decrypting%20them.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20reason%20for%20Microsoft%20to%20take%20this%20approach%20is%20that%20as%20things%20stand%2C%20Edge%20is%20the%20new%20contender%2C%20you%20will%20need%20to%20persuade%20people%20to%20switch.%20When%20Chrome%20first%20appeared%20on%20the%20market%2C%20the%20value%20proposition%20it%20offered%20was%20greater%20security%20running%20active%20content%20in%20separate%20processes.%20End-to-end%20secure%20password%20management%20using%20an%20open%20standard%20that%20has%20been%20widely%20reviewed%20in%20an%20open%20standards%20process%20is%20a%20value%20proposition%20that%20you%20can%20explain%20to%20a%20journalist%20and%20a%20journalist%20can%20explain%20to%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOf%20course%2C%20the%20real%20goal%20is%20to%20get%20rid%20of%20the%20passwords%20altogether%20and%20the%20same%20techniques%20used%20to%20distribute%20the%20decryption%20keys%20to%20a%20user's%20devices%20can%20be%20used%20for%20authentication%20keys%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-501085%22%20slang%3D%22en-US%22%3ERe%3A%20Extending%20Web%20Cryptography.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-501085%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326588%22%20target%3D%22_blank%22%3E%40hallambaker%3C%2FA%3E!%20Thanks%20for%20the%20note.%20Is%20your%20proxy%20prototype%20available%20somewhere%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWould%20it%20be%20possible%20to%20implement%20this%20using%20a%20standard%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.chrome.com%2Fextensions%2Fapi_index%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ebrowser%20extension%3C%2FA%3E%20(with%20little%20tweaking%2C%20now%20supported%20in%20Edge%2C%20Chrome%2C%20and%20Firefox)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-501132%22%20slang%3D%22en-US%22%3ERe%3A%20Extending%20Web%20Cryptography.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-501132%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Web%20site%20is%26nbsp%3B%3CA%20href%3D%22http%3A%2F%2Fmathmesh.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fmathmesh.com%2F%3C%2FA%3E%20it%20has%20fallen%20behind%20the%20code%20and%20documentation.%3C%2FP%3E%3CP%3EThe%20main%20document%20is%26nbsp%3B%3CA%20href%3D%22http%3A%2F%2Fmathmesh.com%2FDocuments%2Fdraft-hallambaker-mesh-architecture.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fmathmesh.com%2FDocuments%2Fdraft-hallambaker-mesh-architecture.html%3C%2FA%3E%3C%2FP%3E%3CP%3EThe%20github%20repo%20is%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fhallambaker%2FMathematical-Mesh%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fhallambaker%2FMathematical-Mesh%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrent%20status%20is%20that%20I%20have%20finished%20the%20architecture%20and%20design%20work%20and%20I%20am%20going%20through%20rewriting%20the%20code%20so%20that%20it%20aligns%20with%20the%20revised%20documentation.%20This%20is%20likely%20to%20take%20me%20another%20month%2C%20possibly%20two.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20proxy%20isn't%20part%20of%20the%20code%20right%20now.%20I%20have%20a%20version%20that%20worked%20but%20one%20of%20the%20reasons%20you%20do%20prototypes%20is%20to%20refine%20the%20design.%20We%20realized%20we%20could%20collapse%20a%20lot%20of%20the%20applications%20layered%20on%20top%20of%20the%20Mesh%20into%20one%20protocol%20with%20three%20methods%20for%20synchronizing%20containers%20between%20machines.%20Then%20we%20realized%20we%20could%20further%20collapse%20the%20Mesh%20itself%20into%20that%20scheme.%20So%20long%20story%20short%2C%20we%20had%20a%20better%20idea%20and%20spent%20a%20year%20re-implementing%20everything.%20But%20I%20do%20not%20plan%20to%20do%20that%20again.%3C%2FP%3E%3C%2FLINGO-BODY%3E
hallambaker
New Contributor

Congratulations on the release of your new browser platform!

 

I am currently working independently on an open source, non-proprietary infrastructure called the Mathematical Mesh that makes computers easier to use by making them more secure. My question for the development team is what are the security challenges you see in the Web that you would like to see addressed.

 

Recognizing that such a proposition might require a certain credentials, let me introduce myself: I am Phillip Hallam-Baker, a member of the CERN team that originally developed HTTP and the Web. Since then I spent 20 years as Principal Scientist at VeriSign and then Comodo. I have worked with many members of the Microsoft security team over the years, including the joint work we performed on WS-Security.

 

The reason for approaching your team directly is that for the past five years I have been looking at ways in which we could move the field past the limited repertoire of cryptographic primitives established by PEM, OpenPGP and S/MIME. I have recently begun proposing this work in IETF. While I will be meeting with Microsoft employees at the Montreal IETF, that does not happen until July and that is at the start of summer break, worst possible time to build momentum. Another consideration is that while I want to hand over development of the Mesh to an open standards body, the IETF may not be the best forum to choose. In the past I have worked in W3C and OASIS and other forums. If I approach the stakeholders through IETF however, we might end up path dependent.

 

One MESH technology is a means of using a domain name and an encryption key to form a URI that may be converted to a URL by means of a one way function. In layman's terms: Scan this QR code and the browser can retrieve an encrypted resource that it can then decrypt with the information in the URI.

 

So you could scan a QR code on an invoice and receive a machine readable copy for your bill pay system. But the system is entirely secure end-to-end. All the data stored in the cloud is encrypted. Which means you can meet HIPPA, GDPR requirements, etc.

 

Right now, I am implementing a demo of this code in a proxy. But it would be a lot more useful in the browser.

 

Another Mesh technology that might be more relevant to your short term needs is the ability to mange passwords and share them between devices with true end to end security. There is a cryptographic technique known as proxy re-encryption developed by Mat Blaze in the '90 and another technique called split key generation by Torben Pedersen developed around the same time (both out of patent AKAIK). It isn't in the PEM canon but it is well known in the cryptography world. This allows a cloud service to serve up the passwords to all the connected devices without having decryption capability itself. What the cloud service can do however is prevent a device decrypting the passwords. Which allows it to block access if a device is lost or stolen.

 

If you want to run this past your crypto group, please email me and I can provide references within Microsoft.

 

So why would Microsoft want to manage passwords this way? Well, Chrome was developed by Google which has a certain approach to liability and the Microsoft I have worked with for almost 30 years has a very different approach. Specifically, storing user's passwords in any form, even encrypted represents a 'steaming pile of liability' as a Microsofter once put it, unless the party storing the passwords can prove that they had absolutely no means of decrypting them.

 

Another reason for Microsoft to take this approach is that as things stand, Edge is the new contender, you will need to persuade people to switch. When Chrome first appeared on the market, the value proposition it offered was greater security running active content in separate processes. End-to-end secure password management using an open standard that has been widely reviewed in an open standards process is a value proposition that you can explain to a journalist and a journalist can explain to users.

 

Of course, the real goal is to get rid of the passwords altogether and the same techniques used to distribute the decryption keys to a user's devices can be used for authentication keys as well.

2 Replies

Howdy, @hallambaker! Thanks for the note. Is your proxy prototype available somewhere?

 

Would it be possible to implement this using a standard browser extension (with little tweaking, now supported in Edge, Chrome, and Firefox)?

@ericlaw 

The Web site is http://mathmesh.com/ it has fallen behind the code and documentation.

The main document is http://mathmesh.com/Documents/draft-hallambaker-mesh-architecture.html

The github repo is https://github.com/hallambaker/Mathematical-Mesh

 

Current status is that I have finished the architecture and design work and I am going through rewriting the code so that it aligns with the revised documentation. This is likely to take me another month, possibly two. 

 

The proxy isn't part of the code right now. I have a version that worked but one of the reasons you do prototypes is to refine the design. We realized we could collapse a lot of the applications layered on top of the Mesh into one protocol with three methods for synchronizing containers between machines. Then we realized we could further collapse the Mesh itself into that scheme. So long story short, we had a better idea and spent a year re-implementing everything. But I do not plan to do that again.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies