- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Tue, 11 Feb 2014 20:05:40 +0100
- To: "Mark Nottingham" <mnot@mnot.net>
- Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "William Chan (陈智昌)" <willchan@chromium.org>, "Peter Lepeska" <bizzbyster@gmail.com>, "Frode Kileng" <frodek@tele.no>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Le Mar 11 février 2014 03:39, Mark Nottingham a écrit : > Nicolas, > > Can you expand upon that? A throwaway dismissal like that doesn't really > help. The integrity hash is buried in the html page (content). Therefore, when a web client will perform a GET on one of those resources, proxies will only see the URL and have no way to know it should be checked against something. For the security to be effective the integrity metadata needs to be propagated in the web client http commands. Regards, -- Nicolas Mailhot
Received on Tuesday, 11 February 2014 19:06:20 UTC