- From: Bertil Chapuis <bchapuis@gmail.com>
- Date: Fri, 14 Sep 2018 15:01:31 +0200
- To: public-webappsec@w3.org
- Cc: Kévin Huguenin <kevin.huguenin@unil.ch>, Igor Bilogrevic <ibilogrevic@google.com>, mkwst@google.com
Hello WebAppSec, My colleagues and I have been doing some research on the use of checksums to improve the security of web downloads (i.e., integrity verification of downloaded files). One of the solutions mentioned in the paper to improve the usability of checksum-based integrity verification is to extend Subresource integrity (SRI) to <a> elements (this idea is in the air for quite some time now). Extending it to other elements such as <img> would make sense as well. A brief explainer is available here: https://github.com/checksum-lab/checksum-lab.github.io/blob/master/README.markdown We would like to push this idea further and are willing to devote some time into that. Note, however, that we have very little knowledge and no experience regarding specification writing and W3C processes in general. Would a revision (v2) of the SRI spec be the best way to proceed? Is anyone willing to mentor us through this process? Please let us know what you think about the proposal and what the next steps on our side would be. Best regards, Bertil, Kevin, Igor
Received on Friday, 14 September 2018 13:20:15 UTC