CloudFlare Keyless SSL WAS Re: Snowden on the Twitters

Alfie John alfiej at
Wed Sep 30 13:52:18 PDT 2015

On Thu, Oct 1, 2015, at 01:50 AM, Travis Biehn wrote:
> What would be solid is if there were a browser module that did several
> things: Eliminated JavaScript dynamic calls (eval, new function(),
> setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed
> web assets to be signed. Allowed sets of web assets to be versioned
> (and attested to by 3rd parties.)
> The combination of signing, versioning and lack of dynamic features
> paves the way for uninjectable, client-side in browser
> encryption/decryption. Something AFAIK we cannot do today. Is anyone
> working on it?

So Nginx has a built-in module "ngx_http_gzip_module" which does the
following (if "Accept-Encoding: gzip" was part of the request headers) :

  - Sees request for "foo.html"
  - Checks if "foo.html.gz" exists
  - If so, serves that in place of the "foo.html"
  - If not, gzips "foo.html" on the fly

What would be nice is an Nginx module which did the same type of thing,
but for hashing the body:

  - Sees request for "foo.html"
  - Checks if "foo.html.sha256" exists
  - If so, serves "foo.html" along with "Content-Hash: <sha256>" header,
    taken from contents of "foo.html.sha256"
  - If not, serves "foo.html" along with "Content-Hash: <sha256>"
    header, but calculated on the fly

This would be a cheap and easy way to get some form of content hashing.



  Alfie John
  alfiej at

More information about the cypherpunks mailing list