W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [integrity] What should we hash?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 13 Mar 2014 14:44:38 -0400
Message-ID: <5321FC96.7060008@mit.edu>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
CC: Mark Nottingham <mnot@mnot.net>, public-webappsec@w3.org
On 3/13/14 12:48 PM, Devdatta Akhawe wrote:
> The browser can do whatever it does right now. But for integrity
> verification, it will need to undo content encodings like gzip.

Hmm.  That's actually pretty annoying to implement, on both the browser 
and the server.

Consider the current data flow.  Right now, the server just has a 
.tar.gz sitting on a hard drive.  When you ask for it, it sends it.  The 
browser receives the data, and streams it directly to disk.

What is the proposed data flow, both on server and client, with 
integrity verification?

-Boris
Received on Thursday, 13 March 2014 18:45:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC