[_wldu]

Put the checksums in a separate system such as the DNS. Use DNSSEC on your domains. Manage your DNS system as an isolated system (don't mix your HTTP/Email/Other stuff with your DNS provider). Now, users may verify the downloads you provide at your website by getting checksums from the DNS.

DANE may be of interest here as well:

https://www.infoblox.com/dns-security-resource-center/dns-se...

[hedora]

Is there any tooling around this?

In particular, it's crazy that I can't just stick a public key for my email address in the DNS record for my domain, and have email auto E2E encrypt to it.

(No, that wouldn't scale for gmail, but they could do a two level thing, where the gmail key signs the public key for each mailbox -- assuming people bothered to set up their own keys, or that gmail just silently opted them in to server side encryption.)

[tptacek]

How does DNSSEC help here at all? We're talking about the security of checksums of data on pages. DNSSEC only addresses the name lookup.

[cortesoft]

That just makes DNS the single point of failure. If you own DNS, you can change the checksum and the download all at once.