undefined | Better HN

0 pointstinco12y ago0 comments

Please note the implications of this. The signed javascript would have to be hosted on a separate third party website, and it would have to be the _only_ script content of the website.

Since code can be executed by almost every resource on a webpage, basically the entire would have to be stored on that separate third party website, the html, the css, maybe throw in the images too given their history of weird exploits.

Not saying that's a very crazy idea, but I'm saying it's way beyond the scope of these opal guys, and probably not what most people 'working out' browser crypto are after.

0 comments

2 comments · 1 top-level

jerrya12y ago· 1 in thread

And yet, jsquery works that way, doesn't it? Everyone pulls jsquery in from basically one site...

Does the entire website have to be on that separate third party location, or just a self-booting kernel of crypto to enable a signed website to be downloaded from the desired source?

elithrar12y ago

> And yet, jsquery works that way, doesn't it? Everyone pulls jsquery in from basically one site...

Not everyone (not even close). Many do, but if I'm running a site over SSL I'm going to be hosting my own copy of the jQuery libs.

j / k navigate · click thread line to collapse