Re: Better download security through browsers

2017-03-27 Thread Frederik Braun
On 27.03.2017 16:21, Daniel Veditz wrote: > On Mon, Mar 27, 2017 at 1:22 AM, Frederik Braun > wrote: > > UI hooks, for the SafeBrowsing > ​ ​ > malicious file checks, where we really, > ​ ​ > really discourage you from using > ​ ​ > the down

Re: Better download security through browsers

2017-03-27 Thread Daniel Veditz
On Mon, Mar 27, 2017 at 1:22 AM, Frederik Braun wrote: > UI hooks, for the SafeBrowsing > ​ ​ > malicious file checks, where we really, > ​ ​ > really discourage you from using > ​ ​ > the downloaded file but you can still click around that with lots of > ​ ​ > left-clicking. > ​"Not known to be

Re: Better download security through browsers

2017-03-27 Thread Frederik Braun
On 24.03.2017 18:24, Mike Hoye wrote: > My 2006 proposal didn't get any traction either. > > https://lists.w3.org/Archives/Public/public-whatwg-archive/2006Jan/0270.html > > > FWIW I still think it'd be a good idea with the right UI. I think we already have _related_ UI hooks, for the SafeBrows

Re: Better download security through browsers

2017-03-26 Thread Gervase Markham
On 24/03/17 17:12, Gregory Szorc wrote: > This got me thinking: why doesn't the user agent get involved to help > provide better download security? What my (not a web standard spec author) > brain came up with is standardized metadata in the HTML for the download > link (probably an ) that defines

Re: Better download security through browsers

2017-03-25 Thread Daniel Veditz
Most people working on sub-resource integrity has wanted to extend SRI to downloads, it was even in the initial version of the spec but foundered in the weeds of edge cases iirc. I don't see an open issue for it though: looks like it got lost in the transition from our old repo to the new one. It's

Re: Better download security through browsers

2017-03-24 Thread Mike Hoye
Love it. How do we make it happen? - mhoye On 2017-03-24 1:30 PM, Tom Ritter wrote: It seems like SubResource Integrity could be extended to do this... It's specifically for the use case: where you kinda trust your CDN, but you want to be completely sure. -tom On Fri, Mar 24, 2017 at 12:24 PM

Re: Better download security through browsers

2017-03-24 Thread Tom Ritter
It seems like SubResource Integrity could be extended to do this... It's specifically for the use case: where you kinda trust your CDN, but you want to be completely sure. -tom On Fri, Mar 24, 2017 at 12:24 PM, Mike Hoye wrote: > My 2006 proposal didn't get any traction either. > > https://lists

Re: Better download security through browsers

2017-03-24 Thread Ben Kelly
We now have SRI and support integrity attributes on elements like

Re: Better download security through browsers

2017-03-24 Thread Mike Hoye
My 2006 proposal didn't get any traction either. https://lists.w3.org/Archives/Public/public-whatwg-archive/2006Jan/0270.html FWIW I still think it'd be a good idea with the right UI. - mhoye On 2017-03-24 1:16 PM, Dave Townsend wrote: I remember that Gerv was interested in a similar idea man

Re: Better download security through browsers

2017-03-24 Thread Dave Townsend
I remember that Gerv was interested in a similar idea many years ago, you might want to see if he went anywhere with it. https://blog.gerv.net/2005/03/link_fingerprin_1/ On Fri, Mar 24, 2017 at 10:12 AM, Gregory Szorc wrote: > I recently reinstalled Windows 10 on one of my machines. This invol