An oldie, somewhat OT.
I enjoyed CF's bit of engineering here - of course CF is still a point
where they are working with injectable plaintext. At least they don't have
your private key material.
https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
What would be solid is if there were a browser module that did several
things:
Eliminated JavaScript dynamic calls (eval, new function(), setTimeout,
setInterval, so on.)
Eliminate 3rd party assets.
Allowed web assets to be signed.
Allowed sets of web assets to be versioned (and attested to by 3rd parties.)
Dynamic HTML and JS (read, non-static HTML & JS) would not be supported.
The combination of signing, versioning and lack of dynamic features paves
the way for uninjectable, client-side in browser encryption/decryption.
Something AFAIK we cannot do today. Is anyone working on it?
-Travis
On Wed, Sep 30, 2015 at 11:23 AM, Georgi Guninski
On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote:
How this scores on twatter:
1.03 meeelion followers for about 23 hours on twatter? (not sure about the error terms).
-- Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn | GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com | Google Plus https://plus.google.com/+TravisBiehn