|
|
|
|
|
|
by Piskvorrr
3396 days ago
|
|
|
I have specifically mentioned SRI - but matching the initial script out-of-band borders on the impossible (or at best "highly improbable"): you need two things, one is easy and one is hard. The easy part is verifying the hash of the initial page - a browser extension could do this (running JS again, oops); and the hard part is a trusted way of obtaining the hash OOB. "Takes some knowhow" doesn't even begin to describe the issues. Where are you obtaining this hash from, and how are you verifying that it's actually a legit and not a malicious one? (It's signed by the author's pubkey...which is verified how?) That doesn't "take some knowhow" - that takes a whole framework, half of which is currently imaginary. You're handwaving that away as "oh, it's a simple matter of building it into the platform," where "it" is amongst other things a public key infrastructure and a secure software distribution system built with it. Easy peasy, right? (Spoiler: no) Contrast to a binary that's distributed through the platform's install/update system - all this is already built, and there's pretty good assurance that you're not getting a malicious result (signed packages). |
|
|
It's actually why I like services like keybase so much, they are actually trying to tackle that problem (with their own set of issues, but at least trying).
I was more trying to point out that we can get to where we are now in the browser.
Solving the problem of key distribution and management is way outside the scope of what I was talking about, and it's far from solved by platform install tools.