undefined | Better HN

0 pointsdane-pgp4y ago0 comments

Another possible mitigation is SecureBookmarks[0] which uses SRI integrity hashes and Data URLs to ensure that you always get the same web app.

At worst, this means the security level fits the TOFU model (Trust On First Use), which is better than the default BEEF model, which stands for "Beware Each and Every Fetch".

[0] https://coins.github.io/secure-bookmark/

0 comments

2 comments · 1 top-level

MzHN4y ago· 1 in thread

Thanks for this. I've been toying with this idea myself in the context of Signal's refusal to implement a web client, due to web clients missing TOFU. Glad to see it's not as crazy of an idea as I felt it was.

I wonder why this topic seems so unpopular. Nobody cares that currently it is impossible to make a secure web app?

From your other comments I also found webext-signed-pages, and the issue asking if they could make it secure, and I'm amazed that they dismissed it. In their readme they claim to protect against malicious and compromised servers, but in reality they don't, so what is the point..?

dane-pgpOP4y ago

People do care, but it's a hard problem to solve well without the help of browser makers. I don't know why Mozilla aren't trying to move the web forward in this way, but the usual argument is that browsers shouldn't implement features that web developers aren't going to use, which causes a bit of a chicken and egg problem.

The main disadvantages of SecureBookmarks are that the address bar contains the Data URL (rather than a trusted domain, with a padlock) and it is difficult to upgrade a bookmark. Technically, though, it should be possible for the server to keep a record of the latest version the user has opted in to, and that value could be signed by the user's password which the server never sees. That way only the initial web app bootstrapping code is not upgradeable.

I agree that the response from the Signed Pages devs has been disappointing, but for balance I should say that their claim seems to be that protecting against downgrades would necessarily prevent gradual deployments of complex web apps. I'm not convinced about that, but haven't looked deeply into the technological limitations. In any case, the lack of downgrade protection doesn't make the extension useless, since it improves the security of web apps from having to trust an online TLS key to trusting an offline PGP key.