Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

Chris Palmer wrote:
> 
> TLS does have an end-to-end (client to front-end server) integrity
> checking mechanism.
> 

Unless there's a proxy (security appliance, etc.) involved, excluding
the user-agent from the integrity check. What's needed is an integrity
check which is end-to-end from origin server to user agent; could be a
script, the purpose of which would be to alert the site owner and the
end user to the presence of altered content, even if that content was
altered by a "trusted" proxy.

-Eric

Received on Wednesday, 31 December 2014 02:12:48 UTC