W3C home > Mailing lists > Public > public-webcrypto@w3.org > June 2012

Re: Another use case: validating documents received

From: David Dahl <ddahl@mozilla.com>
Date: Wed, 6 Jun 2012 11:40:00 -0700 (PDT)
To: Philip Gladstone <pgladsto@cisco.com>
Cc: public-webcrypto@w3.org
Message-ID: <2007580489.5629127.1339008000148.JavaMail.root@mozilla.com>
That is an interesting use-case. I can imagine the server sending along a Hash of the 'intended content' and the browser reading the source markup hashing it and validating the hashes match. Or, I can see websites creating XHR/JSON APIs that allow the browser to query the server after page load with the url that was loaded and the client-side hash. 

Cheers,

David 

----- Original Message -----
> From: "Philip Gladstone" <pgladsto@cisco.com>
> To: public-webcrypto@w3.org
> Sent: Wednesday, June 6, 2012 1:21:44 PM
> Subject: Another use case: validating documents received
> 
> As part of another activity, the requirement came up to allow the
> javascript in a browser to validate the whether an HTML document that
> had been received was actually the original document sent by the web
> server or whether it had been modified in transit (e.g. by some
> 'helpful' party that was doing ad insertion). Note that retreiving
> the
> document over TLS doesn't provide that guarantee due to the presence
> of
> TLS proxies.
> 
> It isn't quite clear to me how to solve this problem, but it seems
> like
> a useful use case.
> 
> Philip
> 
> --
> Philip Gladstone
> Distinguished Engineer
> Product Development
> pgladstone@cisco.com
> Phone: +1 978-ZEN-TOAD (+1 978 936 8623)
> Google: +1 978 800 1010
> Ham radio: N1DQ
> 
> 
Received on Wednesday, 6 June 2012 18:40:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 June 2012 18:40:28 GMT