Re: [whatwg] Subresource Integrity-based caching

2017-03-03 Thread Anne van Kesteren
On Fri, Mar 3, 2017 at 11:01 PM, Alex Jordan wrote: > On Fri, Mar 03, 2017 at 09:21:20AM +0100, Anne van Kesteren wrote: >> I think https://github.com/w3c/webappsec-subresource-integrity/issues/22 >> is the canonical issue, but no concrete ideas thus far. > > Great, thanks! I've

Re: [whatwg] Subresource Integrity-based caching

2017-03-03 Thread Roger Hågensen
I'd like to apologize to Alex Jordan for mistaking him for James Roper, and vice versa mistaking James Roper for Alex Jordan. In the previous email when I said "your" as in "your suggestion" I meant to refer that to Alex, while the hash stuff was meant for James. I got confused by a email

Re: [whatwg] Subresource Integrity-based caching

2017-03-03 Thread Roger Hågensen
On 2017-03-03 01:02, James Roper wrote: How about you miss-understanding the fact that a hash can only ever guarantee that two resources are different. A hash can not guarantee that two resources are the same. A hash do infer a high probability they are the same but can never

Re: [whatwg] Subresource Integrity-based caching

2017-03-03 Thread Anne van Kesteren
On Thu, Mar 2, 2017 at 6:07 PM, Domenic Denicola wrote: > I don't know what the latest is on attempting to get around this, although > that document suggests some ideas. I think https://github.com/w3c/webappsec-subresource-integrity/issues/22 is the canonical issue, but no

Re: [whatwg] Subresource Integrity-based caching

2017-03-02 Thread James Roper
On 3 Mar. 2017 00:09, "Roger Hågensen" wrote: On 2017-03-02 02:59, Alex Jordan wrote: > Here's the basic problem: say I want to include jQuery in a page. I > have two options: host it myself, or use a CDN. > Not to be overly pedantic but you might re-evaluate the need

Re: [whatwg] Subresource Integrity-based caching

2017-03-02 Thread Domenic Denicola
Hi Alex! Glad to have you here. This is indeed a popular idea. The biggest problem with it is privacy concerns. The best summary I've seen is at https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html. In particular if such a suggestion were implemented, any web page

Re: [whatwg] Subresource Integrity-based caching

2017-03-02 Thread Roger Hågensen
On 2017-03-02 02:59, Alex Jordan wrote: Here's the basic problem: say I want to include jQuery in a page. I have two options: host it myself, or use a CDN. Not to be overly pedantic but you might re-evaluate the need for jquery and other such frameworks. "HTML5" now do pretty much the same as

[whatwg] Subresource Integrity-based caching

2017-03-01 Thread Alex Jordan
Heya! So recently I've been thinking about caching on the web and think I've come up with a pretty neat trick to improve things. However before I go file a bunch of bugs against browsers I thought it prudent to get feedback from spec folks. Here's the basic problem: say I want to include jQuery