CloudFlare Keyless SSL WAS Re: Snowden on the Twitters
Travis Biehn
tbiehn at gmail.com
Wed Sep 30 08:50:41 PDT 2015
An oldie, somewhat OT.
I enjoyed CF's bit of engineering here - of course CF is still a point
where they are working with injectable plaintext. At least they don't have
your private key material.
https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
What would be solid is if there were a browser module that did several
things:
Eliminated JavaScript dynamic calls (eval, new function(), setTimeout,
setInterval, so on.)
Eliminate 3rd party assets.
Allowed web assets to be signed.
Allowed sets of web assets to be versioned (and attested to by 3rd parties.)
Dynamic HTML and JS (read, non-static HTML & JS) would not be supported.
The combination of signing, versioning and lack of dynamic features paves
the way for uninjectable, client-side in browser encryption/decryption.
Something AFAIK we cannot do today. Is anyone working on it?
-Travis
On Wed, Sep 30, 2015 at 11:23 AM, Georgi Guninski <guninski at guninski.com>
wrote:
> On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote:
> > https://twitter.com/Snowden
>
> How this scores on twatter:
>
> 1.03 meeelion followers for about 23 hours on twatter?
> (not sure about the error terms).
>
>
--
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2424 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150930/ec600e1a/attachment-0002.txt>
More information about the cypherpunks
mailing list