S-links: Why distributed security policy requires secure introduction
Abstract
In this paper we argue that secure introduction via hyperlinks will be essential
for distributing security policies on the web. The "strict transport security"
policy, which makes HTTPS mandatory for a given domain, can already be expressed by
links with an https URL. We propose s-links, a set of lightweight HTML extensions
to express more complex security policies in links such as key pinning. This is the
simplest and most efficient way to secure connections to new domains before
persistent security policy can be negotiated directly, requiring no changes to the
user experience and aligning trust decisions with the user's mental model. We show
how s-links can benefit a variety of proposed protocols and discuss implications
for the browser's same-origin policy.
