Re: Security use cases for packaging from Chris Palmer on 2015-01-29 (public-webappsec@w3.org from January 2015)

From: Chris Palmer <palmer@google.com>
Date: Thu, 29 Jan 2015 13:16:40 -0800
To: Yan Zhu <yzhu@yahoo-inc.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOuvq22WMOqvREUWe5OEdq7-+ztsTpMdPuYy0UjQdrypV8PV0w@mail.gmail.com>

But other code from the same origin might not be signed, which could
break the security assertion of code signing.

The unit of signing should be the same as the unit of isolation, i.e.
the origin. Or, the origin should be expanded to include a 4th
element, the signing key(s). I don't know how to achieve that in a way
that does not bring with it the operational risks (bricking) of HPKP
and TACK.

Received on Thursday, 29 January 2015 21:17:07 UTC