Paging (future Dr.) Deian Stefan to the ER...
Any thoughts on using COWL for this kind of thing, with a pinned crypto key
as a confinement label to be combined with the regular Origin label?

Thanks for paging me! I've thought about something like this---providing
some form of code integrity---in the context of COWL as well.

The idea was to grant a worker the privilege corresponding to the (hash
of the) source, in addition to its origin. This would allow a server to
verify if the code it is communicating with is trustworthy.
(COWL labels are not limited to origins.)

I really like Yan's use case. And I think it fits in pretty naturally
with COWL: the app, if verification succeeds, can be granted the
privilege corresponding to the (hash of the) crypto key:
Other code from the same origin would only have 

I think this may partly address Chris and Dev's concerns.  But deciding
when not to run the app code is still a question. Though I think the
GitHub issue already brings this up.
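
The privilege-granting idea discussed above, sketched as an added example that is not part of the original messages and does not use the real COWL API. It is a simplified Node.js model in which a label is a plain conjunction of principals; `grantPrivileges`, `canRead`, `keyPrincipal` and the `https://app.example` origin are hypothetical names, and the Ed25519 key pair is constructed on the fly to stand in for the pinned key.

```javascript
// Simplified model of COWL-style labels and privileges; NOT the real COWL API.
// All function names and the origin below are hypothetical.
const crypto = require("node:crypto");

// Principal derived from the hash of a pinned public key (DER-encoded SPKI).
const keyPrincipal = (pubKey) =>
  "key-sha256:" +
  crypto.createHash("sha256")
    .update(pubKey.export({ type: "spki", format: "der" }))
    .digest("hex");

// Code always holds its origin's privilege. It gains the key privilege only
// when its source carries a valid signature under the pinned key.
function grantPrivileges(origin, source, signature, pinnedKey) {
  const privs = new Set([origin]);
  if (signature &&
      crypto.verify(null, Buffer.from(source), pinnedKey, signature)) {
    privs.add(keyPrincipal(pinnedKey));
  }
  return privs;
}

// A label here is a conjunction: the reader must hold every principal in it.
const canRead = (privs, label) => label.every((p) => privs.has(p));

// Constructed sample data: a throwaway key pair stands in for the pinned key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const origin = "https://app.example";
  const appSource = "/* signed app code */";
  const sig = crypto.sign(null, Buffer.from(appSource), privateKey);

  const label = [origin, keyPrincipal(publicKey)]; // origin AND pinned key
  const verified = grantPrivileges(origin, appSource, sig, publicKey);
  const tampered = grantPrivileges(origin, appSource + " // modified", sig, publicKey);
  const unsigned = grantPrivileges(origin, "/* other script */", null, publicKey);
  return {
    verified: canRead(verified, label),      // signed app may read labeled data
    tampered: canRead(tampered, label),      // signature no longer matches
    unsigned: canRead(unsigned, label),      // same origin, no key privilege
    originOnly: canRead(unsigned, [origin]), // origin-labeled data still readable
  };
}
```

Real COWL labels are richer than this model (they also allow disjunctions of principals), and the model does not address when to refuse to run code that fails verification.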


