- From: Daniel <notifications@github.com>
- Date: Wed, 27 Sep 2017 09:33:07 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 27 September 2017 16:33:29 UTC
@triblondon @cynthia I think you all are actually agreeing, but just wanted to add that a CDN could certainly do its job without knowledge of the private key. However, knowing the private key would allow a 'value add' CDN that e.g. also minifies, compresses, assembles, or elsehow prepares resources on behalf of a client. The proposed spec enables either use case. The uses cases can even be mixed within the page, on a resource-by-resource basis. (E.g., CDN provides and holds the key for certain standard libraries, like the most up-to-date jQuery; while the page owner holds the key for the app logic.) Basically, the last thing that is meant to legitimately modify the sub-resource data needs to hold the key. The spec has no opinion on who that should be. That said, the only-page-owner-holds-the-key use case is certainly an important one. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/186#issuecomment-332580126
Received on Wednesday, 27 September 2017 16:33:29 UTC