- From: Daniel Huigens <notifications@github.com>
- Date: Thu, 12 Oct 2023 12:32:56 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/822/1760251242@github.com>
Hi all :wave: FYI, I [proposed](https://github.com/WICG/proposals/issues/124) an alternative solution to the underlying goal (of facilitating web apps that don't trust the server) at the WICG (working title: [Source Code Transparency](https://github.com/twiss/source-code-transparency)). I also presented on it at the WebAppSec WG meeting at TPAC ([minutes](https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-09-15-TPAC-minutes.md#source-code-transparency-sketch)), and it seemed like there was interest from the browsers there.

Instead of trying to prevent updates, the proposal here is to make all updates transparent and publicly auditable by security researchers, to make it detectable if any malicious code gets deployed by a web app's server. While this doesn't prevent malicious code from being deployed, it strongly discourages servers from ever doing so (due to the risk of reputational damage). The security model here is similar to [Certificate Transparency](https://certificate.transparency.dev/), which has been very successful at detecting and preventing malicious certificates from being issued. And contrary to the proposals here, it wouldn't be TOFU, but would protect users from the first time they open the web app (if the browser implements source code transparency, obviously).

Even though I also previously [commented in favor of the proposal in this issue](https://github.com/w3c/ServiceWorker/issues/822#issuecomment-341866377), my impression is that browsers are quite resistant to preventing updates entirely, and would actually be more open to a solution dedicated to the underlying problem, rather than something "hacked" on top of Service Workers, even if it's more work to implement.

For the full proposal, please see the [explainer](https://github.com/twiss/source-code-transparency/blob/main/explainer.md). If you have any comments or suggestions, please open an issue or discussion on the [repo](https://github.com/twiss/source-code-transparency).
If you support the proposal, please leave a :+1: on the [WICG proposal](https://github.com/WICG/proposals/issues/124). Thanks!
Received on Thursday, 12 October 2023 19:33:02 UTC
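An added sketch, not code from the thread or from the Source Code Transparency explainer, of the detection model the comment describes: the served files are hashed into a manifest, the manifest hash is a leaf in an RFC 6962 style append-only Merkle log (the construction Certificate Transparency uses), and the browser only runs code whose manifest carries a valid inclusion proof against the log root, so unlogged code served to one user fails the check. The manifest format, the `client_accepts` check and the sample releases are assumptions for illustration, not the proposal's actual design.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def manifest_hash(files: dict[str, bytes]) -> bytes:
    # Canonical manifest (assumed format): sorted "path:sha256hex" lines, hashed.
    lines = sorted(f"{p}:{hashlib.sha256(c).hexdigest()}" for p, c in files.items())
    return h("\n".join(lines).encode())

def _split(n: int) -> int:
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two below n (RFC 6962)
def merkle_root(leaves: list[bytes]) -> bytes:
    if len(leaves) == 1:
        return h(b"\x00" + leaves[0])  # 0x00 leaf prefix, as in Certificate Transparency
    k = _split(len(leaves))
    return h(b"\x01" + merkle_root(leaves[:k]) + merkle_root(leaves[k:]))

def inclusion_proof(leaves: list[bytes], m: int) -> list[bytes]:
    # Audit path for leaf m, sibling first (RFC 6962 PATH).
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_root(leaves[:k])]
def verify_inclusion(leaf: bytes, m: int, n: int, path: list[bytes], root: bytes) -> bool:
    # RFC 9162 section 2.1.3.2: rebuild the root from the leaf and compare.
    if m >= n:
        return False
    fn, sn, r = m, n - 1, h(b"\x00" + leaf)
    for p in path:
        if sn == 0:
            return False  # more path elements than the tree size allows
        if fn & 1 or fn == sn:
            r = h(b"\x01" + p + r)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = h(b"\x01" + r + p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def client_accepts(served: dict[str, bytes], m: int, n: int, path: list[bytes], root: bytes) -> bool:
    # Browser side (assumed check): hash what was actually served, then require a valid inclusion proof.
    return verify_inclusion(manifest_hash(served), m, n, path, root)

# Constructed sample: three logged releases of a web app (not real data).
RELEASES = [{"index.html": b"<script src=app.js></script>", "app.js": b"encrypt(msg, key); // v%d" % v} for v in (1, 2, 3)]
LOG = [manifest_hash(r) for r in RELEASES]
ROOT = merkle_root(LOG)  # in practice a signed tree head from the log operator (assumed)
```

A release that was logged verifies; the same proof presented with even a one-byte change to `app.js` does not, which is the detection the comment relies on instead of blocking updates.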