On 13.04.2015 20:52, david.a.p.ll...@gmail.com wrote:
> 
>> 2) Protected by subresource integrity from a secure host
>>
>> This would allow website operators to securely serve static assets from 
>> non-HTTPS servers without MITM risk, and without breaking transparent 
>> caching proxies.
> 
> Is that a complicated word for SHA512 HASH? :)  You could envisage a new http 
> URL pattern http://video.vp9?<SHA512-HASH>

I suppose Subresource Integrity would be http://www.w3.org/TR/SRI/ -

But note that this will not give you extra security UI (or fewer
warnings): browsers will still disable scripts served over HTTP on an
HTTPS page, even if the integrity matches.

This is because HTTPS promises integrity, authenticity and
confidentiality. SRI only provides the first.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
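
The behaviour described in the message above, as an added example that is not part of the original email or of any browser's code: a simplified model of the script-load decision, in which mixed-content blocking looks only at the URL schemes and the SRI hash is consulted afterwards. The function names, the `.example` hostnames and the sample script bodies are assumptions constructed for the illustration.

```javascript
// Added illustration: simplified model of a browser's script-load decision.
const { createHash } = require('node:crypto');

const STRENGTH = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Build an integrity value such as "sha384-<base64 digest>" for a body.
function makeIntegrity(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute, dropping tokens with unknown algorithms.
function parseIntegrity(value) {
  return value.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/.exec(t))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
}

// True when the body matches a digest of the strongest algorithm listed.
function integrityMatches(body, value) {
  const entries = parseIntegrity(value);
  if (entries.length === 0) return true; // no recognised hash: browsers enforce nothing
  const best = Math.max(...entries.map((e) => STRENGTH.indexOf(e.alg)));
  return entries
    .filter((e) => STRENGTH.indexOf(e.alg) === best)
    .some((e) => e.digest === createHash(e.alg).update(body).digest('base64'));
}

// Mixed-content blocking is decided from the URLs alone, before any hash is checked.
function scriptLoadDecision(pageUrl, scriptUrl, body, integrity) {
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, page);
  if (page.protocol === 'https:' && script.protocol === 'http:') return 'blocked: mixed content';
  if (!integrityMatches(body, integrity)) return 'blocked: integrity mismatch';
  return 'loaded';
}

// Constructed sample data (hostnames are placeholders).
const body = Buffer.from('console.log("static asset");');
const tampered = Buffer.from('console.log("modified in transit");');
const sri = makeIntegrity(body);

console.log(scriptLoadDecision('https://site.example/', 'http://cdn.example/app.js', body, sri));
console.log(scriptLoadDecision('https://site.example/', 'https://cdn.example/app.js', tampered, sri));
```

The hash check only ever sees the bytes, so it can detect modification but says nothing about who served the file or who could read it on the wire.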
