Re: [SRI] Escaping mixed-content blocking for video distribution

>
>I think that is about enabling the server to authenticate the request.
>What I think we need is for the UA to verify that the request processed
>by the server was the same as the one it sent, so that the
>UA can be sure the traffic is not subject to attacks such as the Verizon
>"perma-cookie".

It's too late at that point, isn't it? You've been identified to the
server (and anyone in the middle).

I believe the concerns blocking consensus are regarding the privacy, not
the integrity, of requests, so not sure this is a productive track to head
down.

-Brad

Received on Wednesday, 12 November 2014 20:27:51 UTC