S-links: Why distributed security policy requires secure introduction


In this paper we argue that secure introduction via hyperlinks will be essential for distributing security policies on the web. The "strict transport security" policy, which makes HTTPS mandatory for a given domain, can already be expressed by links with an https URL. We propose s-links, a set of lightweight HTML extensions to express more complex security policies in links such as key pinning. This is the simplest and most efficient way to secure connections to new domains before persistent security policy can be negotiated directly, requiring no changes to the user experience and aligning trust decisions with the user's mental model. We show how s-links can benefit a variety of proposed protocols and discuss implications for the browser's same-origin policy.