What would it take to get the w3/html5 folks simply add a src-hash="$algo:$value... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jasonjayr on Aug 13, 2015 \| parent \| context \| favorite \| on: WebRTC file sharing broker using Elixir Phoenix What would it take to get the w3/html5 folks simply add a src-hash="$algo:$value" to any tag that can load remote resources? Seems like a low-impact way to significantly boot the usefulness + security of CDN's. If the source page (requested over https, and presumedly not MITM'ed already) declares "I want to load that resource over there, and I expect it to hash to this value", then we get all the benefits of caching + trust that it has not been tampered.

martindale on Aug 13, 2015 | [–]

This exists, subresource integrity: http://www.w3.org/TR/SRI/

deanc on Aug 13, 2015 | [–]

Last time I saw this mentioned someone posted s link to the w3 pointing out that it is in fact being discussed for future implementation.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact