CloudFlare Keyless SSL WAS Re: Snowden on the Twitters
Alfie John
alfiej at fastmail.fm
Wed Sep 30 13:52:18 PDT 2015

On Thu, Oct 1, 2015, at 01:50 AM, Travis Biehn wrote:
> What would be solid is if there were a browser module that did several
> things: Eliminated JavaScript dynamic calls (eval, new function(),
> setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed
> web assets to be signed. Allowed sets of web assets to be versioned
> (and attested to by 3rd parties.)
>
> The combination of signing, versioning and lack of dynamic features
> paves the way for uninjectable, client-side in browser
> encryption/decryption. Something AFAIK we cannot do today. Is anyone
> working on it?

So Nginx has a built-in module "ngx_http_gzip_module" which does the
following (if "Accept-Encoding: gzip" was part of the request headers):

- Sees request for "foo.html"
- Checks if "foo.html.gz" exists
- If so, serves that in place of the "foo.html"
- If not, gzips "foo.html" on the fly

What would be nice is an Nginx module which did the same type of thing,
but for hashing the body:

- Sees request for "foo.html"
- Checks if "foo.html.sha256" exists
- If so, serves "foo.html" along with "Content-Hash: <sha256>" header,
  taken from contents of "foo.html.sha256"
- If not, serves "foo.html" along with "Content-Hash: <sha256>"
  header, but calculated on the fly

This would be a cheap and easy way to get some form of content hashing.

Thoughts?

Alfie
--
Alfie John
alfiej at fastmail.fm
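
The lookup order proposed in the message above, sketched in Python rather than as an Nginx module; this is an added example, not code from the post or from Nginx. "Content-Hash" is the header name the post proposes; the sha256sum-style sidecar layout and the rule that a sidecar older than the body is ignored are assumptions made here.

```python
import hashlib
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"[0-9a-f]{64}")

def sha256_file(path, chunk=65536):
    # The "calculated on the fly" branch: hash the body in chunks.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def content_hash(path):
    """Return (digest, source) for the proposed Content-Hash header."""
    sidecar = path + ".sha256"
    try:
        # Assumption: sidecar uses sha256sum layout, digest is the first token.
        with open(sidecar, encoding="ascii") as f:
            tokens = f.read(256).split()
        digest = tokens[0].lower() if tokens else ""
        # Assumption: a sidecar older than the body is stale and is ignored.
        fresh = os.stat(sidecar).st_mtime_ns >= os.stat(path).st_mtime_ns
        if fresh and HEX_SHA256.fullmatch(digest):
            return digest, "sidecar"
    except (OSError, UnicodeDecodeError):
        pass  # missing or unreadable sidecar: fall through to hashing
    return sha256_file(path), "computed"

def demo():
    # Constructed sample files in a temp directory, with explicit mtimes.
    def put(path, data, mtime):
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (mtime, mtime))
    out = []
    with tempfile.TemporaryDirectory() as d:
        page = os.path.join(d, "foo.html")
        put(page, b"<h1>v1</h1>\n", 1000)
        out.append(content_hash(page))   # no sidecar yet
        put(page + ".sha256", sha256_file(page).encode() + b"  foo.html\n", 2000)
        out.append(content_hash(page))   # precomputed digest served
        put(page, b"<h1>v2</h1>\n", 3000)
        out.append(content_hash(page))   # body changed, stale sidecar ignored
    return out

if __name__ == "__main__":
    for digest, source in demo():
        print(f"Content-Hash: {digest}  ({source})")
```

Without the freshness and format checks, a sidecar left behind after a deploy would make the server advertise a digest that no longer matches the body it sends.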