undefined | Better HN

0 pointsjopsen5y ago0 comments

Crazy idea: Why not serve an initial page over HTTP, and then implement encryption in JS using webcrypto for all subsequent calls.

I'm not sure self-signed HTTPS can do much better than this anyways.

(Yes, yes, it's a crazy idea, hehe)

0 comments

dylz5y ago

You can no longer do webcrypto because the initial page is compromised.

Self signed HTTPS works for this case as long as you know the fingerprint/cert to accept.

jopsenOP5y ago

Oh, yeah... webcrypto only works on HTTPS.

So you would need to ship a crypto library in JS, hehe :)

Self-signed certs probably does work, if you install the certificate root on your machine. It just not something you would advice end-users to do.

dylz5y ago

The other problem is shipping a crypto library if the entire page and script is not served over HTTPS means that it's no longer useful, because the crypto library is compromised.

j / k navigate · click thread line to collapse

0 pointsjopsen5y ago0 comments

Crazy idea: Why not serve an initial page over HTTP, and then implement encryption in JS using webcrypto for all subsequent calls.

I'm not sure self-signed HTTPS can do much better than this anyways.

(Yes, yes, it's a crazy idea, hehe)

0 comments

dylz5y ago

You can no longer do webcrypto because the initial page is compromised.

Self signed HTTPS works for this case as long as you know the fingerprint/cert to accept.

jopsenOP5y ago

Oh, yeah... webcrypto only works on HTTPS.

So you would need to ship a crypto library in JS, hehe :)

Self-signed certs probably does work, if you install the certificate root on your machine. It just not something you would advice end-users to do.

dylz5y ago

The other problem is shipping a crypto library if the entire page and script is not served over HTTPS means that it's no longer useful, because the crypto library is compromised.

j / k navigate · click thread line to collapse