5
edits
Security/Features/Content Hashing/Spec: Difference between revisions
Security/Features/Content Hashing/Spec (view source)
Revision as of 22:19, 15 July 2011
, 15 July 2011no edit summary
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
=Use cases= | =Use cases= | ||
== How to specify the element hash value ? == | |||
What is the best way to specify the element hash ? | |||
Potential candidates: | |||
* adding a tag element : <img src="a.jpg" hash="yyyyyyyyyyy"> | |||
* Use a manifest file | |||
* Use a header | |||
= Technical issues = | = Technical issues = | ||
== External elements update == | == External elements update == | ||
How an external website can tell that the element request by the page was updated ? | |||
== Loading failure reporting == | |||
How to report that an element failed to load because to the signature verification failed ? | |||
Maybe using the SCP report mechanism ? | |||
| Line 21: | Line 35: | ||
Using the hash as an integrity mechanism is tricky because it can be delivered over HTTP. In this case a Man in the Middle attack can be performed. | Using the hash as an integrity mechanism is tricky because it can be delivered over HTTP. In this case a Man in the Middle attack can be performed. | ||
Communicate this limitations to user and developer is tricky. | Communicate this limitations to user and developer is tricky. | ||
== Mime type confusion == | |||
There is a potential issue with element cached as a specific mime-type and then used as another type. The canonical example being the gifjar attack. | |||
http://www.gnucitizen.org/blog/java-jar-attacks-and-features/ | |||