- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Sun, 15 Feb 2015 18:10:29 -0800
- To: Scott Arciszewski <kobrasrealm@gmail.com>
- Cc: Crispin Cowan <crispin@microsoft.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
So your model is to have a manually curated whitelist of trusted keys; and then use a browser that refuses to load any Internet content at all unless it is signed with one of these (hopefully offline) keys?

The "can't navigate anywhere else" seems like a prerequisite, because otherwise, what stops pwn3d.com from just a 30x redirect to evil.com, and letting evil.com do any fingerprinting / decloaking it wants? (In fact, for optimal safety, you'd probably want a whitelist of keys *and* of navigable origins).

This seems like an incredibly narrow / impractical use case, with a whole lot of new browser logic to tack on, and even then, CSP is probably not the right place to solve it. You'd probably just want a signature attached as an extra HTTP header or so, with a browser add-on plugging into the HTTP stack and taking care of the validation steps.

/mz
Received on Monday, 16 February 2015 02:11:17 UTC
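
The validation step the message describes (pinned keys, an allowlist of navigable origins, and redirects refused outside it), as an added illustration that is not code from the thread or from any browser. The `x-content-signature` header and its `keyid=...; sig=...` format, the key id, the origins and the Ed25519 key pair are all assumptions constructed for this example.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for an offline publisher key (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const TRUSTED_KEYS = new Map([['publisher-1', publicKey]]);   // hypothetical key id
const NAVIGABLE_ORIGINS = new Set(['https://docs.example']);  // hypothetical origin

function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// Builds the hypothetical X-Content-Signature value for a constructed sample body.
function signFor(body, keyId = 'publisher-1') {
  const sig = crypto.sign(null, Buffer.from(body), privateKey);
  return `keyid=${keyId}; sig=${sig.toString('base64')}`;
}

// Decides whether the client may act on one response. Header names are lower-cased.
function vetResponse({ url, status, headers, body }) {
  if (!NAVIGABLE_ORIGINS.has(originOf(url))) {
    return { allow: false, reason: 'origin not allowlisted' };
  }
  if (status >= 300 && status < 400) {
    // Follow a redirect only inside the allowlist; the target response
    // must then pass vetResponse itself before anything is rendered.
    const loc = headers['location'];
    const target = loc ? originOf(loc, url) : null;
    return NAVIGABLE_ORIGINS.has(target)
      ? { allow: true, reason: 'redirect within allowlist' }
      : { allow: false, reason: 'redirect to non-allowlisted origin' };
  }
  const m = /^keyid=([\w-]+); sig=([A-Za-z0-9+/]+=*)$/
    .exec(headers['x-content-signature'] || '');
  if (!m) return { allow: false, reason: 'missing or malformed signature' };
  const key = TRUSTED_KEYS.get(m[1]);
  if (!key) return { allow: false, reason: 'untrusted key' };
  const ok = crypto.verify(null, Buffer.from(body), key, Buffer.from(m[2], 'base64'));
  return ok
    ? { allow: true, reason: 'signed by ' + m[1] }
    : { allow: false, reason: 'bad signature' };
}
```

The signature here covers only the body; a real design would also have to bind the URL and the relevant response headers to it.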