
doomrobo | 4 months ago

You're right that, when your own server is trustworthy, fully self-hosting removes the need for SRI and integrity manifests. But in the case that your server is compromised, you lose all guarantees.

Transparency adds a mechanism to detect when your server has been compromised. Basically you just run a monitor on your own device occasionally (or use a third party service if you like), and you get an email notif whenever the site's manifest changes.

I agree it's far more work than just not doing transparency. But the guarantees are real and not something you get from any existing technology afaict.
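The monitor doomrobo describes, as an added example that is not code from any commenter or from the linked proposal: it computes SRI-style `sha256-<base64>` integrity tokens for each served file, publishes them as a manifest, fingerprints the manifest, and on each run compares the fingerprint against the one recorded last time, reporting which paths changed. The manifest layout, the `monitor_run` interface and the sample site contents are assumptions; fetching over the network and sending the email are left to the caller.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json

# Digest algorithms SRI accepts; anything else is rejected as an integrity token.
ALLOWED_ALGOS = ("sha256", "sha384", "sha512")


def sri_digest(content: bytes, algo: str = "sha256") -> str:
    """Return an SRI-style integrity token such as 'sha256-<base64 digest>'."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Check fetched bytes against a token; any malformed token fails closed."""
    algo, sep, b64 = integrity.partition("-")
    if not sep or algo not in ALLOWED_ALGOS:
        return False
    try:
        expected = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    actual = hashlib.new(algo, content).digest()
    return hmac.compare_digest(actual, expected)


def build_manifest(resources: dict) -> dict:
    """Map each served path to its integrity token (assumed manifest format)."""
    return {path: sri_digest(body) for path, body in sorted(resources.items())}


def manifest_fingerprint(manifest: dict) -> str:
    """One hash over a canonical JSON encoding, so a change is a single comparison."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def diff_manifests(old: dict, new: dict) -> dict:
    """Which paths were added, removed or changed between two manifests."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
    }


def monitor_run(last_seen: str | None, current: dict,
                last_manifest: dict | None = None) -> dict:
    """One monitor pass (hypothetical interface): compare the fingerprint recorded
    on the previous run with the manifest the site serves now. The caller persists
    the returned fingerprint and emails the record when 'changed' is True."""
    fp = manifest_fingerprint(current)
    changed = last_seen is not None and fp != last_seen
    report = {"fingerprint": fp, "changed": changed, "diff": None}
    if changed and last_manifest is not None:
        report["diff"] = diff_manifests(last_manifest, current)
    return report


# Constructed sample site, version 1 (not real content).
SITE_V1 = {
    "/index.html": b"<html><script src=/app.js></script></html>",
    "/app.js": b"console.log('v1');",
}
# The same site after one file changed on the server. The monitor cannot tell a
# legitimate deploy from a compromise; it only surfaces that the change happened.
SITE_V2 = dict(SITE_V1, **{"/app.js": b"console.log('v2');"})

MANIFEST_V1 = build_manifest(SITE_V1)
MANIFEST_V2 = build_manifest(SITE_V2)


def demo() -> dict:
    """First run records the baseline; the second run sees the changed manifest."""
    first = monitor_run(None, MANIFEST_V1)
    return monitor_run(first["fingerprint"], MANIFEST_V2, MANIFEST_V1)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The first run never alerts, because there is no baseline yet; every later run alerts on any difference, which is the point doomrobo makes: a server that has been tampered with cannot also keep the manifest it serves to outside monitors identical to the old one without the change showing up somewhere the monitor looks.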


EGreg | 4 months ago

If they want to make a proposal, they should have httpc://sha-256;... URLs which are essentially constant ones, same as SRI but for top-level domains.

Then we can really have security on the Web! Audit companies (even anonymous ones but with a good reputation) could vet certain hashes as being secure, and people and organizations could see a little padlock when M of N approved a new version.

As it is, we need an extension for that. Because SRI is only for subresource integrity. And it doesn't even work on HTML in iframes, which is a shame!

ameliaquining | 4 months ago

The linked proposal is basically a user-friendlier version of that, unless you have some other security property in mind that I've failed to properly understand.