undefined | Better HN

0 pointsthadt5mo ago0 comments

I'll actually argue that you're arguing exactly what I'm arguing :)

My comment near the end is that we absolutely need transparency - just that what we need tracked more than all the code ever run under a URL is that one signing key. All your points are right: users aren't going to check it. It needs to be automatic and it needs to be distributed in a way that browsers and site owners can be confident that the code being run is the code the site owner intended to be run.

0 comments

doomrobo5mo ago

Gotcha, yeah I agree. Fwiw, with the imagined code signing setup, the pubkey will be committed to in the transparency log, without any extra work. The purpose of the plugin is to give the browser the ability to parse (really fetch, then parse) those extension values into a meaningful policy. Anyways I agree, it'd be best if this part were built into the browser too.

j / k navigate · click thread line to collapse

0 pointsthadt5mo ago0 comments

I'll actually argue that you're arguing exactly what I'm arguing :)

0 comments

doomrobo5mo ago

j / k navigate · click thread line to collapse