Signature and hashes have different use cases. A signature guarantees
that a person or organisation endorses a resource, as well as
guaranteeing the integrity. A hash only guarantees the integrity. A
signature should be given if a user is downloading software that must
be proven to come from a trusted source, e.g. a privacy suite or bank

Subresource Integrity could perhaps be extended to the signature use
case. I will write to the group. Thanks for the pointer!

On Wed, Dec 9, 2015 at 4:39 AM, Michael[tm] Smith <> wrote:
> "Sean B. Palmer" <>, 2015-12-08 15:44 +0000:
> Seems like the underlying use case is something Subresource Integrity is
> already intended to potentially be used to address.
> --
> Michael[tm] Smith

Sean B. Palmer,

Reply via email to