Re: http+aes

mån 2012-03-05 klockan 23:29 +0000 skrev Ian Hickson:

> >     Content-Encoding: aes-ctr-128; keyid=0x34751806
> >     Cache-control: no-transform
> 
> This would require changes at the intermediaries.

Depends on the CDN model. Any CDN seeded by fetching content over HTTP
from some master server should do fine.

Content-Encoding is a property of the object injected into the CDN.

> It would also require a 
> mechanism to link keys to IDs, which is non-trivial given the same-origin 
> policy, multiple browsing contexts, subresources, etc.

why do same-origin pose a problem?

You mean because the plugin can not fetch http://some.other.domain/key?

Just provide the key information in whatever references the encrypted
URL. Hinting a keyid in the encrypted resource response is not really
needed, it's sufficient to say that it's encrypted.

Regards
Henrik

Received on Wednesday, 7 March 2012 01:50:17 UTC