- From: Jonathan Kingston <jonathan@jooped.co.uk>
- Date: Mon, 21 Dec 2015 02:15:04 +0000
- To: Ian Denhardt <ian@zenhack.net>, public-webappsec@w3.org
- Message-ID: <CAKrjaaV=5uJDtOCqj+S4kHXEd=N8sKz1D6B5ET3XR8yxo-yFvA@mail.gmail.com>
Hi Ian, I believe it wasn't mentioned because it was outside of the groups charter. It has been mentioned in various ways regarding SRI however I'm not sure it has had any progress as such. This might actually be something that is more applicable bringing up in a different group though I'm not exactly sure which one however the WICG discourse group might be a start: http://discourse.wicg.io/. I suspect it would likely be added to WHATWG fetch. Thanks On Sun, Dec 20, 2015 at 9:24 PM Ian Denhardt <ian@zenhack.net> wrote: > Hey all, > > I was bouncing around some ideas the other day and came up with what > basically amounts to SRI. I figured someone must have thought of this so > asked a friend, and turns out yep, folks are working on it. Interesting > thing is: I had a completely different use case in mind for the same > mechanism specified. > > The presence of the integrity attribute could be used for caching > purposes. This has some neat properties: > > * No need to check modification times/etags with the server before using > the cached entry; the hash tells you what the content is, so you know > whether your cache is up to date without making any extra requests. > * As a corollary, cache entries based on integrity don't need to have a > notion of expiration. > * The cache entry can be valid even for different URLs. For example the > browser can download one copy of jquery *ever*, even for sites that > link to it on different CDNs. > > The spec doesn't mention this use case at all. Thoughts? > > I'm not subscribed to the list, so please Cc me in any responses. > > -Ian >
Received on Monday, 21 December 2015 02:15:46 UTC