W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: Subresource integrity in Chromium

From: Mike West <mkwst@google.com>
Date: Wed, 24 Sep 2014 16:47:18 +0200
Message-ID: <CAKXHy=cW7ZgZ9WFFmzkWQUQJSmkOb81Grn0f27a11Wqqty2Cbg@mail.gmail.com>
To: Ilya Grigorik <igrigorik@gmail.com>
Cc: "Hill, Brad" <bhill@paypal.com>, Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
As outlined in the (really, really long) intent to implement thread (
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/hTDUpMk_TV8),
the plan is to get the verification working first, and make sure we aren't
so hamstrung by optimizing proxies that rolling it out is at all reasonable.

If we get there, then we can start arguing with folks about how to do
caching safely.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Sep 24, 2014 at 4:39 PM, Ilya Grigorik <igrigorik@gmail.com> wrote:

> Great to see this! Curious, any plans to implement the optional caching
> mechanism(s)?
>
> On Wed, Sep 24, 2014 at 7:09 AM, Mike West <mkwst@google.com> wrote:
>
>> It's behind chrome://flags/#enable-experimental-web-platform-features,
>> and I'd expect Joel's work to end up in Canary in a day or three.
>>
>> -mike
>>
>> --
>> Mike West <mkwst@google.com>
>> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>>
>> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>> Registergericht und -nummer: Hamburg, HRB 86891
>> Sitz der Gesellschaft: Hamburg
>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>>
>> On Wed, Sep 24, 2014 at 5:11 AM, Hill, Brad <bhill@paypal.com> wrote:
>>
>>> That's awesome.  What's the flag?  How do we try it?
>>>
>>> On Sep 23, 2014, at 4:19 PM, Joel Weinberger <jww@chromium.org> wrote:
>>>
>>> > An initial implementation of SRI behind an experimental flag *only*
>>> for secure hosts to secure resources (and only for scripts) just landed on
>>> tip-of-tree Blink: https://codereview.chromium.org/566083003/. I plan
>>> on adding in style tag support soon.
>>> > --Joel
>>>
>>>
>>>
>>
>
Received on Wednesday, 24 September 2014 14:48:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC