An oldie, somewhat OT. I enjoyed CF's bit of engineering here - of course CF is still a point where they are working with injectable plaintext. At least they don't have your private key material. https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/ What would be solid is if there were a browser module that did several things: Eliminated JavaScript dynamic calls (eval, new function(), setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed web assets to be signed. Allowed sets of web assets to be versioned (and attested to by 3rd parties.) Dynamic HTML and JS (read, non-static HTML & JS) would not be supported. The combination of signing, versioning and lack of dynamic features paves the way for uninjectable, client-side in browser encryption/decryption. Something AFAIK we cannot do today. Is anyone working on it? -Travis On Wed, Sep 30, 2015 at 11:23 AM, Georgi Guninski <guninski@guninski.com> wrote:
On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote:
How this scores on twatter:
1.03 meeelion followers for about 23 hours on twatter? (not sure about the error terms).
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>