Re: Caching of web content based on hashes? from Richard Barnes on 2015-09-03 (public-webappsec@w3.org from September 2015)

From: Richard Barnes <rbarnes@mozilla.com>
Date: Thu, 3 Sep 2015 11:04:51 -0400
To: Christian Nygaard <christiannygaard@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAOAcki9Zd9N6QTsOANc5wdEu25fbQ0YQh7QMQyjKABSX8+Bzew@mail.gmail.com>

This was discussed during the development of SRI.  It was not added because
it would provide the ability for a calling site to "speak for" another
origin, in the sense that the browser would load the content even the
origin server would have sent something completely different.

--Richard

On Wed, Sep 2, 2015 at 5:33 PM, Christian Nygaard <
christiannygaard@gmail.com> wrote:

> Is it possible to extend the Subresource integrity specification to allow
> for caching of web content based on hashes instead of max-age? This would
> allow for longer caching of objects and may speed up the web due to making
> cache control easier for web developers and proxies.
>
> http://w3c.github.io/webappsec/specs/subresourceintegrity/
>
> Best regards,
> Christian Nygaard
>

Received on Thursday, 3 September 2015 15:05:20 UTC