by littlestymaar
1096 days ago
> - You're also trusting a large population of Certificate Authorities (CAs), subject to the post-compromise implications of Certificate Transparency. Only one needs to be compromised.

I fail to see the difference between Web and Native in that regard; in both cases the attacker needs both:

- a compromised certificate
- a way to redirect the user to their own server (be it DNS or IP spoofing, or something more fancy like bitsquatting).

With only one of those, both the Web and Native app are safe, and with the two of them, you're screwed in both cases.

> - There are currently no sufficient mechanisms to validate the integrity of web app packages end-to-end. Not even under a trust-on-first-use (TOFU) model.

Would you mind expanding your requirements here? (Especially, what's the threat model you have in mind for which subresource integrity isn't enough but your ideal solution would be).

A browser setting to only load subresources with integrity checks would also help.