W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2017

Re: Proposal: Signatures in SRI.

From: Jeffrey Yasskin <jyasskin@google.com>
Date: Fri, 9 Jun 2017 22:04:01 -0700
Message-ID: <CANh-dXn9hs1dSJiU8UNVgKSzPv2JwPwH5Arz9pTmuDcVNHEcfA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, freddyb@mozilla.com, Francois Marier <francois@mozilla.com>, joel.weinberger@gmail.com, Brad Hill <hillbrad@gmail.com>
On Thu, Jun 1, 2017 at 2:42 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> I think that signatures solve some of the concerns I've been seeing
> with SRI deployment, the biggest one being that you need to know what
> the content is before you can link to it.  This would add a layer of
> indirection, allowing you to identify a signer.
>
> I threw out a proposal a while back that would address a fairly
> significant shortcoming of SRI: an inability to progressively process
> content.  It's a little more complicated than your proposal, but has
> the advantage of providing integrity over partial resources.  It also
> degenerates neatly to what you propose here.
>
> It's badly rotten, since I stopped maintaining it (time, wherefore art
> thou?), but I hope that you can at least get a taste:
> https://tools.ietf.org/html/draft-thomson-http-miser
>
> That also suggests an enhancement for integrity more generally.
>
> On your work:
> One major limitation of using ed25519 is that you can't incrementally
> calculate the signature; you should at a minimum consider the
> pre-hashed variant if you intend for this to be universally
> applicable.  The draft above would be trivial to get to work with
> ed25519.

I'm certainly not a cryptography expert, but I read in
https://tools.ietf.org/html/rfc8032#section-4, "Note that single-pass
verification is not possible with most uses of signatures, no matter
which signature algorithm is chosen.  This is because most of the
time, one can't process the message until the signature is validated,
which needs a pass on the entire message."

Does that not apply to uses of SRI?

Thanks,
Jeffrey
Received on Saturday, 10 June 2017 05:04:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:23 UTC