Signatures from Sean B. Palmer on 2015-12-09 (public-webappsec@w3.org from December 2015)

From: Sean B. Palmer <sean@miscoranda.com>
Date: Wed, 9 Dec 2015 08:56:13 +0000
To: public-webappsec@w3.org
Message-ID: <CAH3-oEcLH0ZOGKcb0g8ZCpXWemtG1XmLYNpudFY+wMMyBMdEpA@mail.gmail.com>

Yesterday I published an Internet-Draft for discussion which proposes
a method for associating web resources with cryptographic digital
signatures:

https://www.ietf.org/id/draft-palmer-signature-link-relation-00.txt

Michael Smith directed me to this group as working on a relevant
technology, Subresource Integrity. I would like to suggest two things:

* That the "integrity" attribute should come with a counterpart link
relation for use in the "Link" HTTP header and "rel" HTML attribute.
* That the "signature" link relation and some signature counterpart to
"integrity" may have a place in your Subresource Integrity work.

I understand that the work is advanced, being at the CR phase within
the W3C. But I would not like to produce a solution to the problem of
signature verification in complete independence from your work, and I
therefore solicit your feedback.

-- 
Sean B. Palmer

Received on Wednesday, 9 December 2015 08:56:45 UTC