W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

Re: SRI, cache validation and ServiceWorkers

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 19 May 2014 09:37:27 +0200
Message-ID: <CADnb78g7ohWdAqgctWqhLP=mT7PQ0eNkys8vqYTGbueLA_EMYQ@mail.gmail.com>
To: Yoav Weiss <yoav@yoav.ws>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, May 19, 2014 at 9:12 AM, Yoav Weiss <yoav@yoav.ws> wrote:
> Obviously, full TLS provide better user protection (for any kind of MITM),
> but I think the above scheme can be used to mitigate SW specific MITM
> threats, and enable SW over TLS.
> Thoughts?

I don't think we ever thought it would not be possible to have service
workers outside HTTPS given sufficient patching, it's just not clear
that making it substantially different is a good tradeoff. And sites
that use service workers ought to be using HTTPS anyway.

Received on Monday, 19 May 2014 07:37:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC