- From: Mike West <notifications@github.com>
- Date: Mon, 24 Feb 2025 10:32:02 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 24 February 2025 18:32:05 UTC
mikewest left a comment (w3ctag/design-reviews#1041)

@csarven:

> Is there a need for something like signed manifests - listing expected hashes of resources - that can be looked up?

There's a proposal from Meta and Mozilla pushing in something like that direction ([Web Application Integrity Consistency and Transparency (WAICT)](https://github.com/beurdouche/explainers/blob/main/waict-explainer.md)) that we discussed in WebAppSec last week. It also vaguely reminds me of the [Web Bundles Integrity Block](https://github.com/WICG/webpackage/blob/main/explainers/integrity-signature.md) proposal. These proposals seem quite complementary to the HTTP Message Signature-based mechanism described here, and well worth exploring.

--
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1041#issuecomment-2679321825

Message ID: <w3ctag/design-reviews/issues/1041/2679321825@github.com>