W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: Subresource Integrity strawman.

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 8 Jan 2014 21:39:06 -0800
Message-ID: <CALx_OUB3pbYOkKG0CxQOEcYhh-ki+RLcfUuHcOZn39V6OH_Nfw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Devdatta Akhawe <dev.akhawe@gmail.com>, Ilya Grigorik <igrigorik@google.com>, Joel Weinberger <jww@chromium.org>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Frederik Braun <fbraun@mozilla.com>, Brad Hill <bhill@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Tab Atkins <tabatkins@google.com>, William Chan <willchan@google.com>
> Seems like this could be mitigated by only allowing the integrity-enabled cache to consider responses that are storable by a shared cache…

That sounds like a pretty good approach (probably alongside with the
ability to override it both ways with a new response header or so).

/mz
Received on Thursday, 9 January 2014 05:39:53 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC