ISSUE-72: How to apply integrity verification to large / streaming downloads
Streaming Integrity
How to apply integrity verification to large / streaming downloads
- State:
- RAISED
- Product:
- Subresource Integrity Level 2
- Raised by:
- Devdatta Akhawe
- Opened on:
- 2014-11-17
- Description:
- Subresource integrity is useful, but it leads to blocking until an entire resource is fetched and hashed. This is OK for JavaScript as it is not incrementally loaded, but severely limits the use of SRI for other types of content like streams or large objects that might be progressively rendered.
Adam Langley has proposed using an unbalanced Merkle tree to accomplish this:
http://lists.w3.org/Archives/Public/public-webappsec/2014Jan/0088.html
But it needs further investigation and specification.
There may be other issues to explore here if applications do not define explicit segmentation at layer 7, e.g.:
http://lists.w3.org/Archives/Public/public-webappsec/2014Jan/0102.html - Related Actions Items:
- No related actions
- Related emails:
- No related emails
Related notes:
No additional notes.
Display change log