undefined | Better HN

0 pointsEGreg5mo ago0 comments

If they want to make a proposal, they should have httpc://sha-256;... URLS which are essentially constant ones, same as SRI but for top-level domains.

Then we can really have security on the Web! Audit companies (even anonymous ones but with a good reputation) could vet certain hashes as being secure, and people and organizations could see a little padlock when M of N approved a new version.

As it is, we need an extension for that. Because SRI is only for subresource integrity. And it doesn't even work on HTML in iframes, which is a shame!

0 comments

ameliaquining5mo ago

The linked proposal is basically a user-friendlier version of that, unless you have some other security property in mind that I've failed to properly understand.

j / k navigate · click thread line to collapse

0 pointsEGreg5mo ago0 comments

If they want to make a proposal, they should have httpc://sha-256;... URLS which are essentially constant ones, same as SRI but for top-level domains.

As it is, we need an extension for that. Because SRI is only for subresource integrity. And it doesn't even work on HTML in iframes, which is a shame!

0 comments

ameliaquining5mo ago

The linked proposal is basically a user-friendlier version of that, unless you have some other security property in mind that I've failed to properly understand.

j / k navigate · click thread line to collapse