Re: [w3ctag/design-reviews] Review of signature-based resource loading restrictions. (#186) from Mike West on 2017-09-27 (public-webapps-github@w3.org from September 2017)

From: Mike West <notifications@github.com>
Date: Wed, 27 Sep 2017 12:46:20 +0000 (UTC)
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/186/332509014@github.com>

@triblondon:
> I'm anticipating that CDNs will want to provide this as a service to their customers

CDN-provided services are basically SRI's threat model. :) One goal is to ensure that a page loads the bits that its owner uploaded to the CDN, unmodified (https://w3c.github.io/webappsec-subresource-integrity/#resource-integrity). It's actually meant to reduce the necessity to hand over the keys to your kingdom to the CDN.

The use cases I'm personally interested in involve a creator holding a private key offline, using it at build-time to sign resources, then taking it offline again until the next build. Signing content dynamically on the server seems to substantially reduce the guarantees the signature provides. I'm sure there are valid use cases for that kind of setup, but, again, it's not the use case we're targeting.

I look forward to chatting with y'all about it tomorrow. :)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/186#issuecomment-332509014

Received on Wednesday, 27 September 2017 12:47:30 UTC