[Bug 20789] New: Signature (cryptographic hash) attribute for <script>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789

            Bug ID: 20789
           Summary: Signature (cryptographic hash) attribute for <script>
    Classification: Unclassified
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5: The Markup Language (editor: Michael(tm) Smith)
          Assignee: mike@w3.org
          Reporter: costan@gmail.com
        QA Contact: public-html-bugzilla@w3.org
                CC: public-html-admin@w3.org,
                    public-html-wg-issue-tracking@w3.org

Please add a "signature" attribute to the <script> tag, which can be used to
ensure that the script that will be executed matches the script that the page
author believes will be executed.


* Example

The following example shows a <script> with a signature attribute that matches
this proposal.

<script type="text/javascript"
    src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js"
    signature="sha256:f6DVw/U4x2+HjgEqw5BZf67Kq/5vudRZuRkljnbF344=">
</script>


* Motivation

Many Web sites import popular scripts from CDNs (content distribution networks)
to improve the user experience by increasing cache hit ratios. Unfortunately,
this requires full trusting CDNs, which receive the power to execute arbitrary
JavaScript with the credentials of the sites that use them.

If <script> supports signature checking, the CDNs can at most perform a denial
of service attack by returning the wrong data. Note that using the https:
scheme does not solve this problem, because it only protects the JavaScript
while it is in transit between the server and the client.


* Proposed Syntax

This proposal introduces an optional 'signature' attribute to the <script> tag.
'signature' is silently ignored if the script does not have a 'src' attribute.

The proposed syntax of 'signature' is as follows:

signature-value := algorithm-id : hash-value
algorithm-id := one or more of the following characters: A-Z, a-z, 0-9, _
hash-value := one or more of the characters in RFC 2045 Section 6.8 (base64)
[1]


* Hashing Algorithms

All the hashing algorithms considered by this specification operate on binary
data, which is called "script material" in this proposal. The script material
is the exact binary representation of the script as it is in the body of the
HTTP request used to obtain the script. This is purposefully dependent on the
script's character encoding.

This proposal introduces one algorithm with algorithm-id sha256. According to
this algorithm, a script's hash value is obtained by first computing the
SHA-256 hash of the script material according to FIPS 180-4, and then
base64-encoding it according to Section 6.8 of RFC 2045.

On a system that has the curl and openssl command-line tools installed, the
hash value for a script can be computed using the following command:

curl -s http://cdn.com/script.js | openssl dgst -sha256 -binary | openssl enc
-base64


* Fallback

No fallback is required. User agents that do not understand the 'signature'
attribute will silently ignore it.


* References

[1] https://tools.ietf.org/html/rfc2045#section-6.8
[2] http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Monday, 28 January 2013 02:19:10 UTC