webext-signed-pages VS cyph

There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages

EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users.

There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used.

> The server can at any time start serving malicious payloads

True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different).

In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers don't natively have a nice way of pinning specific versions of a web app, but there is the clever hack of SecureBookmarks[0] (if you're prepared to sacrifice the UX), or, more realistically, you can pin the web app version using some sort of browser extension.

Examples of the latter include the Signed Pages extension[1], and Code Verify[2], which is the result of a collaboration between Meta and Cloudflare (for securing the WhatsApp Web code, currently, but should eventually support other sites like Proton's too). Of course, it would be much better if this capability was natively included in browsers themselves, but hopefully adoption of this technology will pressure browsers and standards bodies to take ownership of this.

[0] https://coins.github.io/secure-bookmark/

[1] https://github.com/tasn/webext-signed-pages

[2] https://github.com/facebookincubator/meta-code-verify

Something like a browser extension for this does already exist, fortunately:

https://github.com/tasn/webext-signed-pages

In regards to untrusted webapp, yes, that is a reasonable attack vector. That said, I've heard from ProtonMail they have been considering to implement Signed Pages to help mitigate (at least some of the) issues with this attack vector.

Which is why it is important to get proper E2E encryption on e-mail, where the source is open source and can be audited. And then that there are verify mechanisms to verify that the source code has not been manipulated. For web services there are signed-pages which is quite interesting.

[where this model breaks down] -- Alice and Bob go to your website and have a conversation. Eve hacks into the website and modifies the E2EE code. She can switch between serving the normal webapp and the malicious non-E2EE webapp. There's no good way to detect it. There are people out there who really like end to end security, but don't like browser-based e2ee because it doesn't have end to end security.

Note: https://www.cyph.com/ is a bbE2EE chat system.

If we do care about the delta in security model between the web and other platforms, then we could build some kind of code bundling and signing mechanism for web applications, perhaps with some kind of transparency layer on top to make the code publicly auditable and make it harder to target specific users with malicious code. A bundling/signing/transparency solution for the web could probably be built out of some of a collection of mechanisms that already exist or have at least been explored. Related ideas include Subresource Integrity, Isolated Web Apps, Signed Exchanges and Web Packaging, Meta’s Code Verify extension, and source code and supply chain transparency proposals.

Incidentally, I've actually just recently developed a solution to this exact problem: https://www.websign.app.

WebSign started a while back as an internal framework used by the Cyph E2EE messenger (https://www.cyph.com), and @eganist and I gave a talk that covered part of the architecture at Black Hat and DEF CON. Now we have a static web hosting service built around it for others to use, which takes care of bundling and code signing during deployment.

If anyone here has a use case for it, we're looking for pilot customers now. Just shoot me an email at [email protected].

https://github.com/cyph/cyph

It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?

W3C DIDs and https://blockcerts

From https://news.ycombinator.com/item?id=19185998 https://westurner.github.io/hnlog/#comment-19185998 :

> There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD

> GPG presumes secure key distribution

> Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.

Blockcerts can be signed when granted to a particular identity entity:

> Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates