Allowing pages to verify Ed25519 signatures before executing script seems like a nicely-deployable variant of SRI (also, it annoys @sleevi_)https://twitter.com/intenttoship/status/895222060649152513 …
-
-
It's about operational overhead more than it is about added capability. Detaching creates new opportunities for destructive laziness.
-
Well, we could try it and see. Seems unlikely to become worse than HPKP. The experiment can always be canceled.
-
Reminds me of that genius that warned everybody that redaction in CT was terrible & unnecessary & too complex to implement. Ended up OK.
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
