W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: [integrity]: latency tradeoffs

From: Pete Freitag <pete@foundeo.com>
Date: Wed, 15 Jan 2014 11:37:10 -0500
Message-ID: <CAADZ8V5=RHqzq0+tpgAFnz5yPMOaFOy_FdHWCVSsQSbvGCTLhA@mail.gmail.com>
To: Adam Langley <agl@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Jan 14, 2014 at 3:08 PM, Adam Langley <agl@google.com> wrote:

> Current examples seem to be using a single hash to authenticate a
> whole resource. However, that requires that the whole resource be
> buffered before any of it can be used. This extra latency might well
> outweigh any performance benefits that one might wish to gain by using
> integrity.

The Merkle tree approach is very interesting, but what happens if the last
chunk fails verification and you've already "used" prior chunks of the
resource? By "used" do you mean applying the contents of the resource chunk
to begin altering the document, or simply the work of preparing the
resource to be used in the document?
Received on Wednesday, 15 January 2014 16:38:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC