Re: [SRI] Escaping mixed-content blocking for video distribution

>​I think that is about enabling the server to authenticate the request.
>What I think we need is for the UA to verify that the request processed
>by the server was the same as the one it sent, so that the ​
>​UA can be sure the traffic is not subject to attacks such as the Verizon

It's too late at that point, isn't it? You've been identified to the
server (and anyone in the middle).

I believe the concerns blocking consensus are regarding the privacy, not
the integrity, of requests, so not sure this is a productive track to head


Received on Wednesday, 12 November 2014 20:27:51 UTC