- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 20 Aug 2025 09:18:54 -0400
- To: W3C Credentials CG <public-credentials@w3.org>
Yet more adoption of the specs we've incubated in this community... the browser vendors are now exploring the adoption of HTTP Message Signatures to further protect and decentralize software libraries used on web pages. This is being done to mitigate some of the scariest software supply chain attacks that web pages are susceptible to today: https://wicg.github.io/signature-based-sri/#profile The approach uses HTTP Message Signatures (incubated in this community for 8+ years before being standardized at IETF) to digitally sign software delivered to web pages such that the provenance of the software can be verified before using it. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Wednesday, 20 August 2025 13:19:34 UTC