- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 16 Nov 2017 10:29:52 +0800
- To: HTTP Working Group <ietf-http-wg@w3.org>

Folks here might be interested in this proposal:
https://github.com/mikewest/signature-based-sri

... which is currently being considered for adoption in W3C's WebAppSec WG.

It proposes doing SubResource Integrity (i.e., an integrity check before a browser will use a JavaScript file, for example) using a signature that could be carried in a response header -- a mechanism we've discussed in the past.

See discussion:
https://www.w3.org/mid/CAKXHy=c3nJw7vGr+6GN9P=HTaT1Mo5_x4r-P-tKjZswS3SAtpw@mail.gmail.com

Cheers,

--
Mark Nottingham https://www.mnot.net/

Received on Thursday, 16 November 2017 02:29:32 UTC