[websec] Call for review: Subresource Integrity

Brad Hill <hillbrad@fb.com> Wed, 06 May 2015 16:43 UTC

WebSec members and interested parties,

The WebAppSec WG at the W3C plans to advance Subresource Integrity to Candidate Recommendation soon and is asking for wide review of the specification.

This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation.

http://w3c.github.io/webappsec/specs/subresourceintegrity/

If you wish to make comments regarding this document, please send them to public-webappsec@w3.org with [SRI] at the start of your email's subject. All comments are welcome.

Further sharing of this call for wide review among other interested communities is encouraged.

Thank you,

Brad Hill