Re: SRI, cache validation and ServiceWorkers

On Mon, May 19, 2014 at 9:12 AM, Yoav Weiss <> wrote:
> Obviously, full TLS provide better user protection (for any kind of MITM),
> but I think the above scheme can be used to mitigate SW specific MITM
> threats, and enable SW over TLS.
> Thoughts?

I don't think we ever thought it would not be possible to have service
workers outside HTTPS given sufficient patching, it's just not clear
that making it substantially different is a good tradeoff. And sites
that use service workers ought to be using HTTPS anyway.


Received on Monday, 19 May 2014 07:37:54 UTC