Re: [integrity]: latency tradeoffs

On Wed, Jan 15, 2014 at 11:37 AM, Pete Freitag <> wrote:
> The Merkle tree approach is very interesting, but what happens if the last
> chunk fails verification and you've already "used" prior chunks of the
> resource? By "used" do you mean applying the contents of the resource chunk
> to begin altering the document, or simply the work of preparing the resource
> to be used in the document?

With progressive authentication, any accepted chunk is authentic: it's
the data that the hash in the source document intended. So it's fine
to use it in any way - parsing, and executing Javascript for example.

That does mean that an attacker can truncate the resource, but that's
currently the case with HTTPS. An attacker can see the number of reply
bytes sent and inject a TCP RST. However, a truncation attack would be
easier, certainly. So, although technically it's not a new capability,
perhaps there's a problem there. Someone more familiar with Javascript
would have to comment on the implications of that.



Received on Wednesday, 15 January 2014 16:57:55 UTC