Open MGibson1 opened 1 week ago
Thanks for sharing. The meeting notes are still pending review at #704; once merged it should be possible to find the relevant discussion permanently at https://github.com/w3c/webextensions/blob/main/_minutes/2024-09-23-wecg-tpac.md#native-messaging#native-messaging
While discussing native messaging at TPAC, I mentioned Bitwarden encrypts these communication channels.
It was asked that I share a quick demo of that experience.
https://github.com/user-attachments/assets/f6f3d6c5-9267-48a5-b456-c607382d6722
What is going on here is the browser extension creating a public/private key pair, sharing the public one along the unencrypted and insecure native messaging pipe to the desktop application. The desktop application calculates a fingerprint of the public key and asks the user to verify it is the same one calculated by the browser. In this way, we ensure that no middle party intercepted and injected a compromised key to spy on communications between the applications.
The user experience of validating the fingerprint is not perfect, but without a supervisor (probably the OS) validating both isolated communications between the two applications AND validating the identity of both parties, we need to rely on the user to do so.