Re: [integrity]: latency tradeoffs

>> My only concern: I am not sure whether we want to make this a
>> requirement for the first version of the spec or make it a requirement
>> in the second version.
> The strongest use cases for integrity are for JS, CSS, fonts, and for
> binary downloads. Most of these can't be really rendered speculatively
> as they load; binary blobs are the only exception, I think, but they
> do not benefit hugely from progressive validation.

Exactly. Waiting for version 2 of the spec for progressive
authentication makes sense to me. This allows us to thrash out all
other issues. Version 2 can specify progressive authentication and,
thus, make integrity validation for passive multimedia a lot more

Interestingly, the current spec's CSP does not have a way to say
"require for JS, CSS, fonts, downloads." Maybe we should change that
given this discussion?


Received on Thursday, 16 January 2014 03:15:01 UTC