
Re: Security use cases for packaging

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 29 Jan 2015 21:22:22 -0500
To: Yan Zhu <yzhu@yahoo-inc.com>, Ilya Grigorik <igrigorik@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: Chris Palmer <palmer@google.com>, "public-webapps\@w3.org" <public-webapps@w3.org>, "public-webappsec\@w3.org" <public-webappsec@w3.org>
Message-ID: <871tmdaty9.fsf@alice.fifthhorseman.net>
On Thu 2015-01-29 20:14:59 -0500, Yan Zhu wrote:
> A signed manifest-like package description that lists the hash and
> location of every resource seems fine as long as all the resources are
> downloaded and verified before running the app. Perhaps this kills
> some of the performance benefits motivating packaging in the first
> place. :(

Why would you need to fetch all the pieces before running the app?
Consider a manifest that includes an integrity check covering resources
X, Y, and Z, but X is the only bit of code that runs first, and Y and Z
aren't loaded.

If you can validate the manifest, then you know you only run X if you've
verified the manifest and X's integrity.  If the user triggers an action
that requires resource Y, then you fetch it but don't use it unless it
matches the integrity check.

(i haven't developed webapps myself for ages, and the idea of a signed
webapp is relatively new to me, so feel free to explain any obvious part
that i'm missing)

        --dkg

Received on Friday, 30 January 2015 02:22:44 UTC
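The lazy verification scheme dkg sketches above, as an added example that is not part of the thread: a publisher signs a manifest of SHA-256 digests, and a loader verifies the manifest once up front, then fetches and hashes each resource only when the app first needs it, refusing any resource whose digest does not match. The resource bodies and the signing key are constructed sample values; HMAC-SHA256 over the serialised manifest stands in for the public-key signature a real packaging format would use, since the mechanism (verify the signed manifest first, then verify resources individually against it) is the same either way.

```python
import hashlib
import hmac
import json

# Constructed sample app resources: X boots first, Y and Z are loaded on demand.
RESOURCES = {
    "x.js": b"console.log('boot');",
    "y.js": b"console.log('feature Y');",
    "z.js": b"console.log('feature Z');",
}

# Constructed secret; stand-in for the publisher's private signing key.
SIGNING_KEY = b"demo-manifest-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(resources: dict) -> dict:
    """Map each resource name to the digest the loader must see on fetch."""
    return {name: sha256_hex(body) for name, body in resources.items()}


def sign_manifest(manifest: dict, key: bytes):
    """Serialise deterministically and sign; returns (payload, signature)."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()


class ManifestVerificationError(Exception):
    pass


class ResourceIntegrityError(Exception):
    pass


class LazyVerifiedLoader:
    """Verify the manifest once; verify each resource only when it is loaded."""

    def __init__(self, payload: bytes, signature: str, key: bytes, fetch):
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            # Nothing from an unverified manifest may run, not even X.
            raise ManifestVerificationError("manifest signature invalid")
        self.manifest = json.loads(payload)
        self.fetch = fetch          # hypothetical network fetch callback
        self.fetched = []           # records which resources were pulled

    def load(self, name: str) -> bytes:
        expected = self.manifest.get(name)
        if expected is None:
            raise ResourceIntegrityError(f"{name} is not covered by the manifest")
        body = self.fetch(name)
        self.fetched.append(name)
        if not hmac.compare_digest(sha256_hex(body), expected):
            # Fetched but never handed to the app: integrity check failed.
            raise ResourceIntegrityError(f"{name} does not match the manifest")
        return body


def run_scenarios() -> dict:
    """Exercise the happy path and the two tampering cases; returns outcomes."""
    manifest = build_manifest(RESOURCES)
    payload, sig = sign_manifest(manifest, SIGNING_KEY)

    # 1. Only X is needed to boot, so only X is fetched and verified.
    loader = LazyVerifiedLoader(payload, sig, SIGNING_KEY, lambda n: RESOURCES[n])
    booted = loader.load("x.js") == RESOURCES["x.js"]

    # 2. A resource tampered with in transit is rejected at load time.
    def tampered_fetch(name):
        return b"alert('swapped');" if name == "y.js" else RESOURCES[name]
    loader2 = LazyVerifiedLoader(payload, sig, SIGNING_KEY, tampered_fetch)
    try:
        loader2.load("y.js")
        resource_rejected = False
    except ResourceIntegrityError:
        resource_rejected = True

    # 3. A manifest whose signature does not verify is rejected before any load.
    try:
        LazyVerifiedLoader(payload + b" ", sig, SIGNING_KEY, lambda n: RESOURCES[n])
        manifest_rejected = False
    except ManifestVerificationError:
        manifest_rejected = True

    return {
        "booted": booted,
        "fetched_at_boot": loader.fetched,
        "tampered_resource_rejected": resource_rejected,
        "tampered_manifest_rejected": manifest_rejected,
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The point the example makes concrete is that the cost of verification is paid per resource at first use, not for the whole package at install: `fetched_at_boot` contains only `x.js`, while a modified `y.js` is still caught the moment the app asks for it.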
