Re: [w3ctag/design-reviews] Review of signature-based resource loading restrictions. (#186)

Discussed at TPAC 2017 in Burlingame, especially the trust model: is the CDN potentially the adversary, or are developers asking for them to be trusted to deliver resources on their behalf? I was curious if CDNs were unhappy with this proposal, if it fundamentally changed their role with regard to their customers.

@mikewest explained that, because the private key can be stored offline and the signature generated at build time (under the developer's control) OR can be stored on the server (presumably under the CDN's control) — either trust model is possible within this proposal.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/186#issuecomment-342597486

Received on Tuesday, 7 November 2017 19:38:28 UTC