- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 13 Mar 2014 14:44:38 -0400
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- CC: Mark Nottingham <mnot@mnot.net>, public-webappsec@w3.org
On 3/13/14 12:48 PM, Devdatta Akhawe wrote: > The browser can do whatever it does right now. But for integrity > verification, it will need to undo content encodings like gzip. Hmm. That's actually pretty annoying to implement, on both the browser and the server. Consider the current data flow. Right now, the server just has a .tar.gz sitting on a hard drive. When you ask for it, it sends it. The browser receives the data, and streams it directly to disk. What is the proposed data flow, both on server and client, with integrity verification? -Boris
Received on Thursday, 13 March 2014 18:45:10 UTC