Any operators of new TLDs want HSTS for the whole TLD? https://www.imperialviolet.org/2014/07/06/newtlds.html …
@sleevi_ @randomoracle @agl__ @fugueish subresource integrity would also help a lot here
@bascule @randomoracle @agl__ @fugueish Or just hosting the damn script on your domain if you care about security ;)
@randomoracle @sleevi_ @agl__ @fugueish subresource integrity ensures that 3rd-party 0wnage is, at worst, a DoS attack
@bascule @randomoracle @agl__ @fugueish Only for the X% of users with hypothetical SRI. Different threat model to solve than CSP.
@sleevi_ @randomoracle @agl__ @fugueish yeah, SRI is more like a wishlist item. In the meantime CSP is pretty cool