Cloudflare’s senior research engineer has outlined a plan to improve the trustworthiness of JavaScript on the web, emphasizing the inherent vulnerabilities in current cryptographic practices. The post highlights how JavaScript cryptography, despite being considered secure as of 2011, is now seen as problematic due to the ease with which malicious actors can alter code on the client side. This is illustrated by the example of end-to-end encrypted messaging apps, where a compromised application could be manipulated to exfiltrate user data. The main issue identified is the lack of integrity, consistency, and transparency in the web ecosystem, which smartphone app stores have managed effectively. The proposed solution, called Web Application Integrity, Consistency, and Transparency (WAICT), is a W3C-backed initiative involving browser vendors, cloud providers, and encrypted communication developers. WAICT aims to provide stronger security guarantees by introducing an integrity manifest, a configuration file that maps asset hashes to their paths. This framework is designed to benefit various in-browser cryptographic uses, including web-based confidential LLMs, cryptocurrency wallets, and secure voting systems. While the proposal is still in the early stages of standardization, the team hopes to begin formalizing the integrity manifest format soon, with the goal of enhancing web security in the near future.
The blog post also notes the role of the WEBCAT protocol, developed by the Freedom of Press Foundation, which allows site owners to announce the identities of developers who have signed the site’s integrity manifest. The proposal envisions a service that stores metadata for transparency-enabled sites along with ‘witnesses’ who verify the prefix tree holding the hashes for domain manifests. The team acknowledges that they are still in the early stages of the standardization process, with plans to start formalizing the integrity manifest format soon. They also aim to work closely with browsers and the IETF to develop the specification, with the hope of having exciting betas in the near future. In the meantime, developers can follow along with the transparency specification draft, check out open problems, and share their ideas on improving the framework.