End-to-end is hard, especially on the web. For me there's a difference between true and non-true end-to-end.
When we talk about end-to-end security we probably think it's when everything is handled locally and only cipher text is sent between client and server. This is partly true, but what happens if the server is compromised? Then a hacker can serve scripts that backdoors the encryption and in worst cases make the client send plaintext instead of ciphertext, I mean how can the client verify that the files he/she got are legit?
But what about extensions?
With CSP-and SRI-hashes the client can automatically verify the integrity of resources
SubResource Integrity(SRI) is a method to verify the contents of a third-party resource with a hash, in the
<link> element, like so:
integrity="<hash>". If the hash does not match the content, it will not be loaded. You can read more here.
This is great because let's say the server that hosts the content gets hacked the hacker could serve bad code instead of the requested resource. Also, this only works with webservers that supports CORS so it will not work all the time. If you want it to work you have to host it yourself.
The hash is called a "SRI"-hash and can be calculated in openssl like this
cat file.js | openssl dgst -sha256 -binary | openssl base64 -A.
With CSP you can tell the client that only resources from a specific domain is allowed and over which protocols(http, https or wildcard). CSP is extremely powerful in many ways and I'll show en example how you can serve resources in a more secure way.
An example with CSP and SRI
So let's say that you have built a web based email service where users login via a website. Your domain is www.mysecure.email
<script>-tags). The only actual content that is allowed is raw HTML.
So how secure is this? What is the static server is hacked? Or the webserver?
It's good, but not perfect
CSP and SRI is indeed awesome and adds some layer of security on the web, but it's not perfect. I would like to see something like HSTS and HPKP but for resources.
The server should offer the client an hash of the served content(this is possible using CSP) and tell how long this hash should be valid. But this would also be dangerous if the content is vulnerable because then the client would be forced to use vulnerable code and that's not good...
So maybe it is perfect after all...