https://news.ycombinator.com/item?id=8659456
That is, even if the server operator does a good job implementing the web app and the publicly-audited open source code prevents the server operator from seeing plaintext, the user doesn't know that the version served just now is the safe, audited version, as opposed to a modified, backdoored version.
So, if the server gets compromised, or the server operator decides to spy on a particular user, or a government manages to order the operator to change the code for a particular user
http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/
then the user is out of luck. Of course this is a fairly well-known concern (highlighted over the years by tptacek and others) and I've heard of three or four projects to try to address it. They have in common the concept of creating some mechanism for browsers to verify, pin, and/or require independent certification of the contents when rendering a page containing a web app, so that the page just won't load if its contents have been changed in any way. (That also means you have to verify that the code can never dynamically load or eval new additional code, which might be enforced by auditors rather than by the browser.)
Who is working on proposals for such mechanisms, which ones are making progress, and how far along are they?