Re: [integrity] What should we hash?

On 3/13/14 12:48 PM, Devdatta Akhawe wrote:
> The browser can do whatever it does right now. But for integrity
> verification, it will need to undo content encodings like gzip.

Hmm.  That's actually pretty annoying to implement, on both the browser 
and the server.

Consider the current data flow.  Right now, the server just has a 
.tar.gz sitting on a hard drive.  When you ask for it, it sends it.  The 
browser receives the data, and streams it directly to disk.

What is the proposed data flow, both on server and client, with 
integrity verification?

-Boris

Received on Thursday, 13 March 2014 18:45:10 UTC