Re: [integrity]: Origin confusion attacks.

On Fri, Jan 10, 2014 at 4:18 AM, Mike West <mkwst@google.com> wrote:

> I think the nonce makes it clear that the script tag was added by the
> author, rather than maliciously injected. That should give us enough trust
> in the author's intent to bypass the origin check, assuming the integrity
> check hits the cache.
>

I like the nonce idea. Is nonce currently implemented for img tags, or for any
tags other than script and style?

I am also wondering how this case would be handled:

<link href="//cdn.example.com/style.css" rel="stylesheet" nonce="abc"
integrity="ni:///sha-512;xyz...123">

And style.css contains:

.awesomeness {
  background-image: url(http://example.com/cat.gif)
  integrity(ni:///sha-512;3587cb776ce0e4...c838c423);
}

(or whatever css integrity syntax is decided)

Since the stylesheet is a static asset on the CDN, it's not possible to
include a nonce; can cat.gif be loaded from the integrity cache? I would
think that is fine to allow for a stylesheet, but since a script can load
resources dynamically, some thought might need to be put into that scenario.

> I also like Michal's approach, but I'm very worried about bloating the CSP
> header to the point where it outweighs the content it's protecting. Chrome
> has some sort of reasonable limit on header size (I have 16k in my head,
> but I've no idea if that's accurate)... how soon will we be hitting that? :)
>

Again, with this approach you would have the question I raised above to
consider: would you need to whitelist the integrity hash of every image
loaded by the CSS, or just the CSS file?

Apache's default request header limit is 8190 bytes; Tomcat has a
request/response header size limit of 8192 bytes by default (Tomcat 5 was
4096 bytes, but they increased it in version 6+). If a base64-encoded
SHA-512 hash is 43 characters, that lets you fit ~185 hashes.

-pete

Received on Friday, 10 January 2014 17:23:02 UTC