Hey Bertil Thanks for your interest! We would love your help. There is a lot of history here https://github.com/w3c/webappsec-subresource-integrity/issues/68 The spec work is a bit tricky too given that you need to define the cross origin tag for anchor etc. But if @annevk is helping, I am confident most spec issues can be resolved. Personally, I think the big blocker is browser interest. It's not clear any browser is interested in supporting these use cases. If they are, that would significantly increase the momentum here. Thanks Dev On Fri, Sep 14, 2018, 6:22 AM Bertil Chapuis <bchapuis@gmail.com> wrote: > Hello WebAppSec, > > My colleagues and I have been doing some research on the use of > checksums to improve the security of web downloads (i.e., integrity > verification of downloaded files). One of the solutions mentioned in > the paper to improve the usability of checksum-based integrity > verification is to extend Subresource integrity (SRI) to <a> elements > (this idea is in the air for quite some time now). Extending it to > other elements such as <img> would make sense as well. A brief > explainer is available here: > > > https://github.com/checksum-lab/checksum-lab.github.io/blob/master/README.markdown > > We would like to push this idea further and are willing to devote some > time into that. Note, however, that we have very little knowledge and > no experience regarding specification writing and W3C processes in > general. Would a revision (v2) of the SRI spec be the best way to > proceed? Is anyone willing to mentor us through this process? > > Please let us know what you think about the proposal and what the next > steps on our side would be. > > Best regards, > > Bertil, Kevin, Igor > > >
Received on Saturday, 15 September 2018 02:19:18 UTC