- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 2 Feb 2016 14:54:13 +0100
- To: Richard Barnes <rbarnes@mozilla.com>
- Cc: Eric Mill <eric@konklone.com>, Ben Wilson <ben.wilson@digicert.com>, Jim Manico <jim.manico@owasp.org>, Mike West <mkwst@google.com>, Jim Manico <jim@manicode.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Feb 2, 2016 at 2:41 PM, Richard Barnes <rbarnes@mozilla.com> wrote: > That's part of why priming is nice -- it gives you the determinism of > preloading, while letting you trade an RTT for not preloading. Yeah. The main problem with priming is that it gives an attacker a chance so it's not a complete alternative and less than ideal when you consider navigations as well rather than just mixed content. (It's a step up from where we are today, for sure.) And an alternative where a browser hosts the preload table would give the browser insight where the user is going (and perhaps slow things down unacceptably). Meh. -- https://annevankesteren.nl/
Received on Tuesday, 2 February 2016 13:54:39 UTC