Re: [w3ctag/design-reviews] Signature-Based Integrity. (Issue #1041) from Martin Thomson on 2025-02-24 (public-webapps-github@w3.org from February 2025)

From: Martin Thomson <notifications@github.com>
Date: Mon, 24 Feb 2025 14:01:06 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/1041/2679752069@github.com>

martinthomson left a comment (w3ctag/design-reviews#1041)

Complementary, perhaps, though the two approaches address fundamentally different goals.  Signing provides a second layer of provenance on top of what you get from obtaining content using HTTPS, but it cannot provide integrity in the sense that the application is guaranteed to have a fixed shape.  If you care about things like whether you got the same app as everyone else, signing cannot help.  Where signing helps is cases where the provenance of content is not closely tied to its delivery.  Like when you use an intermediary (a CDN or static file host) to deliver high-impact content, or just because your own delivery pipeline is not something you want to trust.  In those cases, you might want to provide an additional layer of protection in case of mistakes or attacks.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1041#issuecomment-2679752069
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1041/2679752069@github.com>

Received on Monday, 24 February 2025 22:01:10 UTC