[SRI] Unmentioned use case: caching

From: Ian Denhardt <ian@zenhack.net>
Date: Sun, 20 Dec 2015 16:25:39 -0500
To: public-webappsec@w3.org
Message-ID: <145064673948.4372.14728861030824482000@rook>

Hey all,

I was bouncing around some ideas the other day and came up with what
basically amounts to SRI. I figured someone must have thought of this so
asked a friend, and turns out yep, folks are working on it. Interesting
thing is: I had a completely different use case in mind for the same
mechanism specified.

The presence of the integrity attribute could be used for caching
purposes. This has some neat properties:

* No need to check modification times/etags with the server before using
  the cached entry; the hash tells you what the content is, so you know
  whether your cache is up to date without making any extra requests.
* As a corollary, cache entries based on integrity don't need to have a
  notion of expiration.
* The cache entry can be valid even for different URLs. For example the
  browser can download one copy of jquery *ever*, even for sites that
  link to it on different CDNs.

The spec doesn't mention this use case at all. Thoughts?

I'm not subscribed to the list, so please Cc me in any responses.


Received on Sunday, 20 December 2015 21:22:46 UTC
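
Added example (not part of the original message or of the SRI specification): a sketch in Node.js of the integrity-keyed cache the message proposes, showing one fetch serving two URLs and a mismatching body being refused. The IntegrityCache class, the sriFor helper, the example URLs and the in-memory NETWORK map are constructed for illustration, and a single hash per integrity value is assumed.

```javascript
// Added example: a cache keyed by SRI integrity value instead of URL.
const crypto = require("crypto");

// Constructed stand-in for the network: URL -> response body.
const NETWORK = new Map([
  ["https://cdn-a.example/lib.js", "console.log('lib v1');"],
  ["https://cdn-b.example/lib.js", "console.log('lib v1');"],
  ["https://cdn-c.example/lib.js", "console.log('tampered');"],
]);

// Build an SRI-style value ("sha384-<base64 digest>") for a body.
function sriFor(body, alg = "sha384") {
  return alg + "-" + crypto.createHash(alg).update(body).digest("base64");
}

class IntegrityCache {
  constructor(network) {
    this.network = network;
    this.entries = new Map(); // integrity value -> body
    this.requests = 0;        // network fetches actually made
  }

  // Return the body for a resource declared with `integrity`.
  load(url, integrity) {
    // Hit: the hash names the content, so no revalidation and no expiry.
    if (this.entries.has(integrity)) return this.entries.get(integrity);

    const [alg] = integrity.split("-", 1);
    if (!["sha256", "sha384", "sha512"].includes(alg)) {
      throw new Error("unsupported hash algorithm: " + alg);
    }
    this.requests += 1;
    const body = this.network.get(url);
    if (body === undefined) throw new Error("fetch failed: " + url);

    // Verify before storing; a mismatching body never enters the cache.
    if (sriFor(body, alg) !== integrity) {
      throw new Error("integrity mismatch for " + url);
    }
    this.entries.set(integrity, body);
    return body;
  }
}
```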

