RE: Nonce for CSS, Signature of script, link, img? from Hill, Brad on 2013-01-31 (public-webappsec@w3.org from January 2013)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Thu, 31 Jan 2013 01:55:21 +0000
To: Mountie Lee <mountie.lee@mw2.or.kr>
CC: Hendrik Brummermann <nhb_web@nexgo.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E278E9DF6@DEN-EXDDA-S12.corp.ebay.com>

Mountie,

The use cases are network-focused: that it would allow an application to protect itself from modifications to content loaded over insecure transports (like http) or from unauthorized server-side modifications to content loaded over secure transports.

-Brad

From: mountie@paygate.net [mailto:mountie@paygate.net] On Behalf Of Mountie Lee
Sent: Wednesday, January 30, 2013 4:44 PM
To: Hill, Brad
Cc: Hendrik Brummermann; public-webappsec@w3.org
Subject: Re: Nonce for CSS, Signature of script, link, img?

Hi.
thanks for your information.

one question I have is
is this suggestion give protection for stored JS code or installable webapp?

regards
mountie.
On Thu, Jan 31, 2013 at 9:33 AM, Hill, Brad <bhill@paypal-inc.com<mailto:bhill@paypal-inc.com>> wrote:

please share the link for "Sub-Resource Integrity" and related information.

[Hill, Brad] http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0129.html

--
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net<mailto:mountie@paygate.net>

=======================================

PayGate Inc.

THE STANDARD FOR ONLINE PAYMENT

for Korea, Japan, China, and the World

Received on Thursday, 31 January 2013 01:55:55 UTC