- From: David Dahl <ddahl@mozilla.com>
- Date: Wed, 6 Jun 2012 11:40:00 -0700 (PDT)
- To: Philip Gladstone <pgladsto@cisco.com>
- Cc: public-webcrypto@w3.org
That is an interesting use-case. I can imagine the server sending along a Hash of the 'intended content' and the browser reading the source markup hashing it and validating the hashes match. Or, I can see websites creating XHR/JSON APIs that allow the browser to query the server after page load with the url that was loaded and the client-side hash. Cheers, David ----- Original Message ----- > From: "Philip Gladstone" <pgladsto@cisco.com> > To: public-webcrypto@w3.org > Sent: Wednesday, June 6, 2012 1:21:44 PM > Subject: Another use case: validating documents received > > As part of another activity, the requirement came up to allow the > javascript in a browser to validate the whether an HTML document that > had been received was actually the original document sent by the web > server or whether it had been modified in transit (e.g. by some > 'helpful' party that was doing ad insertion). Note that retreiving > the > document over TLS doesn't provide that guarantee due to the presence > of > TLS proxies. > > It isn't quite clear to me how to solve this problem, but it seems > like > a useful use case. > > Philip > > -- > Philip Gladstone > Distinguished Engineer > Product Development > pgladstone@cisco.com > Phone: +1 978-ZEN-TOAD (+1 978 936 8623) > Google: +1 978 800 1010 > Ham radio: N1DQ > >
Received on Wednesday, 6 June 2012 18:40:28 UTC