[liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services
Tony Arcieri
bascule at gmail.com
Tue Jul 22 11:44:36 PDT 2014
On Tue, Jul 22, 2014 at 11:12 AM, Guido Witmond <guido at witmond.nl> wrote:
> That way you could host all your javascript at the site. (but not at the
> CDN).
>
If Subresource Integrity (SRI) were actually implemented by browsers,
serving JS via a CDN would be fine (and could even be done safely over
plaintext HTTP) because the parent page includes a digest of each
subresource, forming a Merkle tree with its root at the parent page:
http://www.w3.org/TR/SRI/
Of course, we're still left with the bootstrapping problem of getting an
authentic parent page.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140722/51916c3a/attachment.html>
More information about the liberationtech
mailing list