Web browsers trust hundreds of Certificate Authorities (CAs), any of which can impersonate any domain on the Internet. CA compromises have led to serious attacks on real users. Several proposals exist for websites to declare a stricter security policy, such as requiring a limited set of CAs or public keys (commonly called pinning). S-links is a proposal to embed security policy in HTML links, increasing security in several scenarios:
Many of the largest web sites, such as search engines and social media sites, act as introducers (or hubs) that connect users to new websites. If an introducer knows of a stricter security policy for a third-party site example.com, s-links enable secure introduction: users clicking a link to example.com connect using the introducer's policy. After the initial connection, the user and example.com can then establish a persistent security policy using other protocols.
Secure resource loading
Bootstrapping new security protocols
Many proposals, such as Certificate Transparency, DNSSEC/DANE, or Sovereign Keys, need universal server adoption before browsers can require them. S-links can help bootstrap these protocols by indicating server support in links.
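The following is an added example, not code from the S-links proposal, showing how a browser could act on a link-carried policy in both scenarios above: the introducer's pin set (secure introduction) and an indication that the target supports a newer protocol (bootstrapping). The attribute name `s-link` and its directives (`pin-sha256`, `require`, modelled on HPKP/HSTS header syntax) are assumptions of this example.

```javascript
// Hypothetical "s-link" attribute handling. Attribute name and directive
// syntax are assumed for this example; they are not the proposal's own format.

function parseSLink(value) {
  // Parse "name=value; name=value" directives into a policy object.
  const policy = { pins: new Set(), requires: new Set() };
  for (const raw of value.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq < 0 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const val = eq < 0 ? null : directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name === 'pin-sha256' && val) policy.pins.add(val);          // allowed SPKI hash
    else if (name === 'require' && val) policy.requires.add(val.toLowerCase()); // e.g. ct
    // Unknown directives are ignored so the format can be extended later.
  }
  return policy;
}

function evaluateLink(link, presented) {
  // link: {href, sLink}. presented: what the target server offered on connect,
  // {spkiHashes: base64 SHA-256 of each SPKI in its chain, supports: protocol names}.
  const policy = parseSLink(link.sLink);
  const url = new URL(link.href);
  // A policy attached to a non-https link cannot be enforced; this example
  // refuses such links rather than silently dropping the policy.
  if (url.protocol !== 'https:') return { allow: false, reason: 'policy-on-non-https' };
  // Secure introduction: at least one key in the chain must match a pin.
  if (policy.pins.size > 0 && !presented.spkiHashes.some((h) => policy.pins.has(h))) {
    return { allow: false, reason: 'pin-mismatch' };
  }
  // Bootstrapping: the link says the server supports a protocol, so require it.
  for (const proto of policy.requires) {
    if (!presented.supports.includes(proto)) return { allow: false, reason: `missing-${proto}` };
  }
  // The policy governs only this connection; persistence is left to other protocols.
  return { allow: true };
}

// Constructed sample: an introducer's link and the chain the target presented.
const SAMPLE_PIN = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='; // constructed, not a real key
const sampleLink = { href: 'https://example.com/', sLink: `pin-sha256="${SAMPLE_PIN}"; require=ct` };
console.log(evaluateLink(sampleLink, { spkiHashes: [SAMPLE_PIN], supports: ['ct'] }));
```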