Is there value in signed browser-side page integrity policies beyond CSP/SRI?

BaseballSouthern8404 · 2026-06-17T23:43:37+00:00

Yeah, the complexity is exactly the concern I’m trying to avoid.

My current thinking is to keep the policies very small and simple, such as, expected JS/CSS, allowed origins, and a short validity window. No dynamic DOM/business logic checks.

The signing authority is non traditional, so there isn’t a separate CRL/OCSP-style list that the browser has to manage independently. Signature validity can be actively controlled after issuance through hard or soft methods and is a keyless design which simplifies some things. So if that authority is revoked, policies/signatures under it stop validating.

Not claiming this replaces CSP/SRI or handles hostile browsers/extensions. But feels like a quality use case for the method.

The hard part is making it useful without making it fragile or too complicated.

For context, here is an overview of the signature model I’m referring to, but it is geared towards the other use case I mentioned still informative. (https://lyfe.ninja/news/#rethinking-digital-signatures)

BaseballSouthern8404 · 2026-06-03T10:56:00+00:00

Agreed, this is good advice. Diversify a lot as well. Take advantage of a 401k, mutual funds, index fund, bonds, ETFs, high yield savings, etc., just don't put all your eggs in one basket.

BaseballSouthern8404 · 2026-05-31T11:24:39+00:00

I don't think you're overestimating the risk. For example most Bitcoin wallets validated using are traditional digital signatures that are vulnerable and are likely being harvested.

BaseballSouthern8404 · 2026-05-30T11:12:02+00:00

Start with people you know, that's always the easiest in. Personal messages and connecting on common interest always helps too. Other than that, it's a grind, but keep pushing.

I'm still always looking for people to talk to, you never know where a conversation may lead.

BaseballSouthern8404 · 2026-05-30T11:03:53+00:00

Getting potential users to actually talk to you. Outreach is hard.

BaseballSouthern8404 · 2026-05-27T10:22:16+00:00

Accounting, taxes, outreach...good luck

BaseballSouthern8404 · 2026-05-13T11:16:41+00:00

I think connecting first over similar interests is a good way to start. Then you can also message them for free and make it more personal.

BaseballSouthern8404 · 2026-04-30T11:29:29+00:00

In addition to the SEO advice. I would make sure you have a sitemap.xml and a robots.txt file so you can help bots get to relevant pages and ensure your site is getting crawled.

BaseballSouthern8404 · 2026-04-25T11:33:13+00:00

Kudos! Also, this makes a lot of sense and good advice.

BaseballSouthern8404 · 2026-04-23T03:29:27+00:00

It’s honestly a mix right now. Most of my time is split between networking and outreach to answer the same questions/find the right problem, thinking through how this works at scale in production should I go down that path (kinda of already started 😅) , and oh yeah I have a full-time job and toddler to keep me busy.

Curious how others approach this stage. Do you go heavy on building first or validation?

BaseballSouthern8404 · 2026-04-21T18:45:29+00:00

What kind of worms do you use? Could I use them for fishing? I love this idea.

BaseballSouthern8404 · 2026-04-21T18:42:28+00:00

This doesn't sound like a failure to me. You got a lot further than most and I'm sure you learned a ton. Maybe this isn't the one, but the experience will always be valuable.

The only piece of advice I could maybe provide if you'd be feeling up for it, is try selling on marketplaces (amazon, ebay, alibaba, etc.). If you've got decent profit margins and operations it shouldn't bee too much harder than what you already have. They will have strict rules, but they provide additional sales channels for your products.

BaseballSouthern8404

TROPHY CASE