Personal tools

Security/Features/Content Hashing/Spec

From MozillaWiki

Jump to: navigation, search

Contents

Specification

The content hashing mechanism aims at improving the browser caching performance and providing a means for website to enforce the integrity of their external resources.


Use cases

How to specify the element hash value ?

What is the best way to specify the element hash  ? Potential candidates:

  • adding a tag element : <img src="a.jpg" hash="yyyyyyyyyyy">
  • Use a manifest file
  • Use a header

Technical issues

External elements update

How an external website can tell that the element request by the page was updated ?

Loading failure reporting

How to report that an element failed to load because to the signature verification failed ? Maybe using the SCP report mechanism ?


Potential security issues

Second image collision attack

An attacker can potentially create a hash collision between a specially crafted file and a well known file if the hashing algorithm is weak. MD5 must be avoided at all cost.

Integrity

Using the hash as an integrity mechanism is tricky because it can be delivered over HTTP. In this case a Man in the Middle attack can be performed. Communicate this limitations to user and developer is tricky.

Mime type confusion

There is a potential issue with element cached as a specific mime-type and then used as another type. The canonical example being the gifjar attack. http://www.gnucitizen.org/blog/java-jar-attacks-and-features/


Previous work

Previous work on the subject:

Related RFCS