- From: <bugzilla@jessica.w3.org>
- Date: Wed, 06 Feb 2013 21:41:24 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789

Victor Costan <costan@gmail.com> changed:

What       |Removed    |Added
----------------------------------------------------------------------------
Status     |RESOLVED   |REOPENED
Resolution |DUPLICATE  |---

--- Comment #11 from Victor Costan <costan@gmail.com> ---

@Edward: thank you very much for reading through this proposal! I respectfully disagree that this is a duplicate of the proposal in bug 11402, although they share some of the same mechanisms.

11402 proposes using hashes for bandwidth savings. In that proposal, a hash match short-circuits the download process. In the meantime, CDNs have emerged as an alternative method for achieving the same bandwidth savings without the need for a standard change.

This proposal introduces a hash verification step after the script is downloaded. It is not susceptible to the cache poisoning attack in bug 11402, because scripts are always downloaded from their origins. Even if an attacker can carry out a second pre-image attack against SHA2, they still have to compromise the CDN provider and cause the CDN to deliver the attacker's script. This is an improvement over the current situation, where an attacker that can compromise the CDN gets to execute arbitrary scripts in the context of the original site.

Also, while the bug 11402 proposal features a similar syntax for specifying cryptographic digests, it does not handle the information leak attack in #5. I believe that is a consequence of the fact that 11402 was put together with performance in mind, while this proposal is focused on improving security.

Given these concerns, I think it would be constructive to consider this proposal on its own, separately from bug 11402.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Wednesday, 6 February 2013 21:41:25 UTC
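
The verify-after-download step described in the comment above, as an added example that is not part of the original message or of the proposal's own text. The function names, URL and script bytes are constructed for illustration, and carrying the pin as a hex SHA-256 digest is an assumption.

```javascript
const { createHash } = require('node:crypto');

// Constructed sample data: the script bytes the site author reviewed, and the
// digest the page would pin for them (hex SHA-256 is an assumption here).
const SCRIPT_URL = 'https://cdn.example/lib.js';
const REVIEWED = Buffer.from('function greet(){return "hello";}\n');
const PINNED = createHash('sha256').update(REVIEWED).digest('hex');

// Two constructed "CDNs": one serves the reviewed bytes, one serves altered bytes.
const honestCdn = (url) => REVIEWED;
const tamperedCdn = (url) => Buffer.concat([REVIEWED, Buffer.from('/* altered */\n')]);

// Verify-after-download: the body is always fetched from its origin, and the
// pinned digest only decides whether the fetched bytes may run. The digest is
// never a cache key, so a match cannot replace the download.
function loadVerified(download, url, pinnedHex) {
  // Reject a malformed pin up front instead of comparing against garbage.
  if (!/^[0-9a-f]{64}$/i.test(pinnedHex)) {
    return { fetched: false, execute: false, reason: 'malformed pinned digest' };
  }
  const body = download(url);
  const actual = createHash('sha256').update(body).digest();
  const pinned = Buffer.from(pinnedHex, 'hex');
  if (!actual.equals(pinned)) {
    // Fail closed: the caller gets no body to execute.
    return { fetched: true, execute: false, reason: 'digest mismatch' };
  }
  return { fetched: true, execute: true, reason: 'digest match', body };
}

function demo() {
  return {
    honest: loadVerified(honestCdn, SCRIPT_URL, PINNED),
    tampered: loadVerified(tamperedCdn, SCRIPT_URL, PINNED),
    badPin: loadVerified(honestCdn, SCRIPT_URL, 'abc123'),
  };
}

const results = demo();
for (const [name, r] of Object.entries(results)) {
  console.log(`${name}: execute=${r.execute} (${r.reason})`);
}
```
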