- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Wed, 07 Mar 2012 02:49:15 +0100
- To: Ian Hickson <ian@hixie.ch>
- Cc: Willy Tarreau <w@1wt.eu>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>
mån 2012-03-05 klockan 23:29 +0000 skrev Ian Hickson: > > Content-Encoding: aes-ctr-128; keyid=0x34751806 > > Cache-control: no-transform > > This would require changes at the intermediaries. Depends on the CDN model. Any CDN seeded by fetching content over HTTP from some master server should do fine. Content-Encoding is a property of the object injected into the CDN. > It would also require a > mechanism to link keys to IDs, which is non-trivial given the same-origin > policy, multiple browsing contexts, subresources, etc. why do same-origin pose a problem? You mean because the plugin can not fetch http://some.other.domain/key? Just provide the key information in whatever references the encrypted URL. Hinting a keyid in the encrypted resource response is not really needed, it's sufficient to say that it's encrypted. Regards Henrik
Received on Wednesday, 7 March 2012 01:50:10 UTC