- From: Harry Halpin <hhalpin@w3.org>
- Date: Tue, 17 Dec 2013 22:17:09 +0100
- To: public-web-security@w3.org

I think some sort of signed JavaScript solution could be very useful.

Currently, on the Web we have a pretty straightforward same origin
policy that assumes complete trust in the server. Yet with the
proliferation of third-party JS apps and the possibility of the server being
compromised, how do you know if the server has served the right JS?

I think some approach involving signatures and repos of JS libraries
(similar to repos in *nix) would help, along with some sort of network
perspectives or trust anchor in the browser to double-check and verify
the JS served by the server.

I believe WebAppSec WG is working on something in this space. I'm
personally a fan of the TUF/Thandy approach of Tor, and wonder if such
an approach could be adopted to JS. Installing trusted code is a hard
problem, and applies just as equally in JS as it does in any other
language. Despite all the harm of XSS, the advantage of downloading the
JS code (and forcing new code into the cache when necessary), JS does
allow easy upgrade to avoid 0 days, but I'd like to see if we can
increase the trust in JS even more.

cheers,
harry

Received on Tuesday, 17 December 2013 21:17:17 UTC