by dane-pgp 2205 days ago
I'm hopeful that Signed HTTP Exchanges lead to what you describe, but another Chrome-originating technology that could be extended/abused to achieve a similar goal is the <portal> tag.

There is already a little trick[0] that can be done with bookmarklets (or locally saved files) which allow you to bootstrap a page with a known set of JavaScript code running on it, but it has the disadvantage that the URL bar doesn't contain a familiar domain. If the <portal> spec[1] ends up supporting SRI[2] integrity hashes in a sensible way, this little bootstrapping technique could actually be practical.

[0] https://news.ycombinator.com/item?id=17776456

[1] https://wicg.github.io/portals/

[2] https://www.w3.org/TR/SRI/

1 comments

Combine SRI with CSPs and cache-control: immutable and you could already commit a page to never change. All that's missing for TOFU is fingerprinting this combination, watching for changes and surfacing the information to the user.
Unfortunately that by itself does not guarantee security. The code that is verified by the bookmarklet could download additional code when it runs, and that code would not be verified.
No, preventing that would be the CSP's job.
My point is that verifying that the content doesn't change is by itself not enough. You also have to verify that it was secure to begin with, and that is much harder, especially for your typical end-user.
That's a separate problem to solve. But for audits to even make sense you first need to solve the problem of sites changing under your feet, i.e. enabling TOFU.
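
The combination described in the thread above (SRI on every subresource, a CSP, and cache-control: immutable, fingerprinted and pinned on first use), as an added example that is not part of any comment here or of any browser's behaviour. The function names, the in-memory pin store and the sample response are constructed assumptions, and the CSP check is a simple substring test rather than a full policy parser.

```python
import hashlib
from html.parser import HTMLParser

class _Subresources(HTMLParser):
    """Collect (url, integrity) for every <script src> and stylesheet <link>."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.found.append((a["src"], a.get("integrity")))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self.found.append((a.get("href"), a.get("integrity")))

def commitment(headers, body):
    """Return (fingerprint, problems); problems says why the page is not pinned down."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    problems = []
    if "immutable" not in h.get("cache-control", "").lower():
        problems.append("cache-control lacks immutable")
    if not csp:
        problems.append("no CSP")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        problems.append("CSP allows unverified inline/eval code")
    parser = _Subresources()
    parser.feed(body.decode("utf-8", "replace"))
    for url, integrity in parser.found:
        if not integrity:  # this resource could change without the page changing
            problems.append(f"no SRI hash on {url}")
    # Inline code and SRI hashes are part of the body, so one digest covers both.
    digest = hashlib.sha256(csp.encode() + b"\0" + body).hexdigest()
    return digest, problems

def tofu_check(store, origin, headers, body):
    """Pin the fingerprint on first use; afterwards report whether it changed."""
    digest, problems = commitment(headers, body)
    if problems:
        return "uncommitted", problems
    if origin not in store:
        store[origin] = digest
        return "pinned", []
    return ("unchanged" if store[origin] == digest else "CHANGED"), []

# Constructed sample response (not taken from any real site).
HEADERS = {"Cache-Control": "public, max-age=31536000, immutable",
           "Content-Security-Policy": "default-src 'none'; script-src https://cdn.example"}
BODY = (b'<!doctype html><script src="https://cdn.example/app.js"'
        b' integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>')
```

A "CHANGED" result is the event that would be surfaced to the user; as the later replies note, an "unchanged" result says nothing about whether the pinned code was safe to begin with.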