[Cryptography] Encrypting web pages ?

[Michael Kjörling]

On 6 Jun 2021 09:10 -0600, from hartmans at mit.edu (Sam Hartman):
> From the static content, much of it is public--content that would be
> served to anyone, where confidentiality at rest appears to have little
> value.

Of course, even for public content, there is also the issue of
_integrity_ guarantees, in the sense of the content that's actually
served to a client being what the author of the document referencing
it intended to be used with their document. (Which is different from
it not having been modified in transit, for which simply using HTTPS
is a relatively decent solution.)

Which seems to be pretty much the problem web subresource integrity
aims to solve in isolation, albeit only for a subset of the resources
referenced by a typical web page.

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Consider if SRI was extended to be a valid restriction on _all_ web
subresource references; if a web page then references, say, an image,
it could require that image to actually have certain content (by way
of the data having a specific cryptographic hash value) instead of, as
is currently the case, just being accessible at a specific URI. In
some cases, perhaps especially for content served via CDNs, this seems
like it could be a useful assurance.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
 “Remember when, on the Internet, nobody cared that you were a dog?”