W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [SRI] Escaping mixed-content blocking for video distribution

From: Brad Hill <hillbrad@fb.com>
Date: Wed, 12 Nov 2014 20:27:22 +0000
To: Mark Watson <watsonm@netflix.com>
CC: Adam Langley <agl@google.com>, Mike West <mkwst@google.com>, "Frederik Braun" <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D089022A.DF7%hillbrad@fb.com>
>​I think that is about enabling the server to authenticate the request.
>What I think we need is for the UA to verify that the request processed
>by the server was the same as the one it sent, so that the ​
>​UA can be sure the traffic is not subject to attacks such as the Verizon

It's too late at that point, isn't it? You've been identified to the
server (and anyone in the middle).

I believe the concerns blocking consensus are regarding the privacy, not
the integrity, of requests, so not sure this is a productive track to head


Received on Wednesday, 12 November 2014 20:27:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:42 UTC