Re: [w3ctag/design-reviews] Review of signature-based resource loading restrictions. (#186)

> I'm not at all clear about the risks that @plinss is referring to, and they aren't clear from the minutes either. ed25519 is a fairly robust signature mechanism: what "fraudulent public key" risks am I missing?

My concern is that the end user has to know the public key of the resource signer via some form of out of band communication. A bad actor serving a compromised version of the content can also present their own public key and claim it's the original author's key. Users will get confused. Not that certs completely solve this problem, but at least they provide a known mechanism to associate a public key with a form of identity.

I appreciate the STTCPW(tm) approach, I just worry that if the system is too easy to compromise (or the lack of authentication actually causes more confusion in practice) that it will be as much of a barrier to uptake as a more complicated, but more robust solution.

https://github.com/w3ctag/design-reviews/issues/186#issuecomment-362215308

Received on Thursday, 1 February 2018 09:55:04 UTC
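The key-substitution concern raised in the reply above can be shown concretely. The following Go program is an added example, not code from the thread or from any browser implementation: it models a signed resource that carries its signer's public key in-band, then checks the same resource two ways, once trusting the bundled key and once against a key the embedding page learned out of band (a "pinned" key). The `Bundle` type, the two verify functions and the sample script contents are all constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Bundle models what a client receives when it fetches a signed resource:
// the bytes, an Ed25519 signature over them, and (in the weak design) the
// signer's public key delivered alongside the resource itself.
// This is a constructed model, not a format any browser uses.
type Bundle struct {
	Content   []byte
	Signature []byte
	PublicKey ed25519.PublicKey // in-band key; untrusted unless pinned elsewhere
}

// Sign builds a bundle whose in-band key is the signer's own key.
func Sign(priv ed25519.PrivateKey, content []byte) Bundle {
	return Bundle{
		Content:   content,
		Signature: ed25519.Sign(priv, content),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}
}

// VerifyWithBundledKey trusts whatever key travels with the resource.
// The signature arithmetic always holds, because key and signature were
// produced together; it establishes integrity relative to that key only,
// and says nothing about whether the key belongs to the expected author.
func VerifyWithBundledKey(b Bundle) bool {
	if len(b.PublicKey) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(b.PublicKey, b.Content, b.Signature)
}

// VerifyWithPinnedKey ignores the in-band key and checks against a key the
// page obtained out of band (for example, pinned in the embedding document).
// Content re-signed under any other key fails this check.
func VerifyWithPinnedKey(b Bundle, pinned ed25519.PublicKey) bool {
	return ed25519.Verify(pinned, b.Content, b.Signature)
}

// Outcomes records how each check treats the genuine and the re-signed resource.
type Outcomes struct {
	OriginalBundledOK bool
	OriginalPinnedOK  bool
	ResignedBundledOK bool
	ResignedPinnedOK  bool
}

// RunScenario signs a resource with the author's key, then models a modified
// copy re-signed under a different key that is shipped in-band in place of
// the author's. Both keys are freshly generated; the script bodies are
// constructed sample content.
func RunScenario() (Outcomes, error) {
	authorPub, authorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcomes{}, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcomes{}, err
	}

	original := Sign(authorPriv, []byte("console.log('original script');"))
	resigned := Sign(otherPriv, []byte("console.log('modified script');"))

	return Outcomes{
		OriginalBundledOK: VerifyWithBundledKey(original),
		OriginalPinnedOK:  VerifyWithPinnedKey(original, authorPub),
		ResignedBundledOK: VerifyWithBundledKey(resigned),
		ResignedPinnedOK:  VerifyWithPinnedKey(resigned, authorPub),
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original:  bundled-key check=%v pinned-key check=%v\n", o.OriginalBundledOK, o.OriginalPinnedOK)
	fmt.Printf("re-signed: bundled-key check=%v pinned-key check=%v\n", o.ResignedBundledOK, o.ResignedPinnedOK)
}
```

The bundled-key check accepts both resources, which is the point of the reply: a valid Ed25519 signature only binds content to whichever key is presented with it. The pinned-key check rejects the re-signed copy, which is why the key must reach the page through a channel the resource server does not control.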