Sean R. Lynch ☑️ is a user on literati.org. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Christopher Lemmer Webber @cwebber@octodon.social

The Switter stuff is a good reminder about why I'm so very uncomfortable with Cloudflare. I'm not blaming the people behind Cloudflare, who I think know and have expressed why FOSTA is dangerous, but rather Cloudflare's fundamental positioning as a source of centralization.

Content Addressed Storage > Content Delivery Networks

Sean R. Lynch ☑️ @seanl

@cwebber Back in the mid '90s I figured everyone would build their own "pull" caching infrastructure. But it always seemed as if the web was being intentionally built to sabotage any such effort. And now TLS makes it pretty much impossible.

Something like CoralCDN with self-certifying URLs and the ability/expectation for providers to PITM it might work. You'd need some way to get around the mixed content problem, though.

· 0 · 1
Hallå Kitteh @clacke@social.heldscal.la
@seanl @cwebber I have seen people starting to add integrity attributes with shasums to their css and javascript links. IF only the content needs to be secure, and not e.g. the metadata of what was downloaded by whom, a browser respecting such an attribute should be able to discard the mixed content problem and even the validity of certs.
Sean R. Lynch ☑️ @seanl

@clacke @cwebber Is there a standard for this that browsers could use to get rid of the warning?

Hallå Kitteh @clacke@social.heldscal.la
@seanl @cwebber Not that I'm aware of. Maybe there should be. But if users expect eavesdroppers on the local network to not be able to see their content, this might break that expectation. So this is an area where speccers and implementers need to tread lightly.
literati.org powered by Mastodon