- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 12 Sep 2013 12:03:18 -0700
- To: Brad Hill <hillbrad@gmail.com>
- Cc: Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>

Hey,

Honestly, I'm a bit struggling to understand what's the key benefit of doing suborigin://hashed-concat versus suborigin://non-hashed-concat - in that both of these representations will not be literal string matches for any existing origin if done sensibly (and using a literal suborigin:// further alleviates most fears).

In either case, I think that keeping the communications between origins simple and intuitive should be a goal for both approaches. Perhaps base64 or rot13 is indeed a better idea.

I agree with Brad's concern about having to preserve protocol, perhaps as a part of the hash.

/mz

Received on Thursday, 12 September 2013 19:04:06 UTC