ISSUE-72: How to apply integrity verification to large / streaming downloads

Streaming Integrity

How to apply integrity verification to large / streaming downloads

State:
RAISED
Product:
Subresource Integrity Level 2
Raised by:
Devdatta Akhawe
Opened on:
2014-11-17
Description:
Subresource integrity is useful, but it leads to blocking until an entire resource is fetched and hashed. This is OK for JavaScript as it is not incrementally loaded, but severely limits the use of SRI for other types of content like streams or large objects that might be progressively rendered.

Adam Langley has proposed using an unbalanced Merkle tree to accomplish this:

http://lists.w3.org/Archives/Public/public-webappsec/2014Jan/0088.html

But it needs further investigation and specification.

There may be other issues to explore here if applications do not define explicit segmentation at layer 7, e.g.:

http://lists.w3.org/Archives/Public/public-webappsec/2014Jan/0102.html
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

No additional notes.

Display change log ATOM feed


Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 72.html,v 1.1 2020/01/17 08:52:43 carcone Exp $