Open adrelanos opened 1 year ago
Threat model:
Under this threat model it would make sense if something similar to subresource integrity could be used.
<script src="https://example.com/example-framework.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>
Unfortunately, subresource integrity does not support user downloaded files at the of writing. Ticket: https://github.com/w3c/webappsec-subresource-integrity/issues/68 And from the ticket it also doesn't seem like support for that is coming anytime soon.
Meanwhile would it be possible to do integrity check with javascript? Could the javascript look at the download stream, run it through "$sha512" [1] hashing and notify at the end of the download if the hashsum matches or mismatches?
$sha512
Tails implemented a similar solution. References:
The disadvantage is, that the user has to:
Verify your download
That's non-ideal from a usability perspective.
feature request: Could download.js automate this?
download.js
[1] Writing $ sha512 because that's just a placeholder for "hashing algorithm". Shouldn't be hardcoded to be future-proof.
$
sha512
Threat model:
Under this threat model it would make sense if something similar to subresource integrity could be used.
Unfortunately, subresource integrity does not support user downloaded files at the of writing. Ticket: https://github.com/w3c/webappsec-subresource-integrity/issues/68 And from the ticket it also doesn't seem like support for that is coming anytime soon.
Meanwhile would it be possible to do integrity check with javascript? Could the javascript look at the download stream, run it through "
$sha512
" [1] hashing and notify at the end of the download if the hashsum matches or mismatches?Tails implemented a similar solution. References:
The disadvantage is, that the user has to:
Verify your download
buttonThat's non-ideal from a usability perspective.
feature request: Could
download.js
automate this?[1] Writing
$
sha512
because that's just a placeholder for "hashing algorithm". Shouldn't be hardcoded to be future-proof.