Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pre-proposal: Signed origins #8205

Closed
DemiMarie opened this issue Aug 18, 2022 · 1 comment
Closed

Pre-proposal: Signed origins #8205

DemiMarie opened this issue Aug 18, 2022 · 1 comment

Comments

@DemiMarie
Copy link

While the web platform is currently suitable for many applications, there is one for which it, as it stands now, is fundamentally unsuitable for: end-to-end encrypted messaging and collaboration tools. The reason is security: the threat model of an end-to-end encrypted messaging app is that all server-side code is untrusted and potentially hostile. While the servers are often operated by the same entity that can push updates to the clients, the difference is that those updates must be cryptographically signed.

Is the need for this best met by a WebExtension with an extension page and no permissions? Or is this something that should be handled differently?
@annevk
Copy link
Member

annevk commented Aug 29, 2022

This is probably not the best place to brainstorm a solution to a such a vast topic. I recommend WICG or the W3C WebAppSec WG.

Closing as a result, but happy to reopen if there's something I forgot to consider.

@annevk annevk closed this as completed Aug 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@annevk @DemiMarie