On Tue, Feb 28, 2012 at 10:57 PM, Ian Hickson <ian@hixie.ch> wrote: > On Wed, 29 Feb 2012, Kornel LesiÅ~Dski wrote:> > > How about defining a new scheme which includes the key in the URL? > > > > Example modeled on "password" part of HTTP URLs: > > > > myVideo.src = 'http+aes://' + escape(mykey) + ':@ > cdn.example.net/video123'; > > > > Although not so pretty, it would readily work in all places where URLs > > do, including HTML markup. > > I can't see any problem with this off the top of my head. It neatly solves > the problem for every content type, not just HTML, which is great for > dealing with the manifest cases Mark mentioned. > > Would we want to also support this over https? I suppose it's possible > that we'd have a situation where we trusted a CDN to know the URL that a > user was requesting but still wanted to protect the user from his network > peers knowing what URL he was getting... > > Anyone want to write a spec for this? > I've now specced this: http://html5.org/tools/web-apps-tracker?from=7011&to=7012 http://www.whatwg.org/specs/web-apps/current-work/#http+aes-scheme If anyone would like to edit a spec of this that's independent of the HTML spec, let me know, I'd be happy to move this to another spec. -- Ian Hickson
Received on Friday, 2 March 2012 23:26:18 UTC