Extending Subresource integrity to more elements (<a>, <img>, etc.)

Hello WebAppSec,

My colleagues and I have been doing some research on the use of
checksums to improve the security of web downloads (i.e., integrity
verification of downloaded files). One of the solutions mentioned in
the paper to improve the usability of checksum-based integrity
verification is to extend Subresource integrity (SRI) to <a> elements
(this idea is in the air for quite some time now). Extending it to
other elements such as <img> would make sense as well. A brief
explainer is available here:


We would like to push this idea further and are willing to devote some
time into that. Note, however, that we have very little knowledge and
no experience regarding specification writing and W3C processes in
general. Would a revision (v2) of the SRI spec be the best way to
proceed? Is anyone willing to mentor us through this process?

Please let us know what you think about the proposal and what the next
steps on our side would be.

Best regards,

Bertil, Kevin, Igor

Received on Friday, 14 September 2018 13:20:15 UTC