Re: SRI, cache validation and ServiceWorkers

On Mon, May 19, 2014 at 9:12 AM, Yoav Weiss <yoav@yoav.ws> wrote:
> Obviously, full TLS provide better user protection (for any kind of MITM),
> but I think the above scheme can be used to mitigate SW specific MITM
> threats, and enable SW over TLS.
>
> Thoughts?

I don't think we ever thought it would not be possible to have service
workers outside HTTPS given sufficient patching, it's just not clear
that making it substantially different is a good tradeoff. And sites
that use service workers ought to be using HTTPS anyway.


-- 
http://annevankesteren.nl/

Received on Monday, 19 May 2014 07:37:54 UTC