[arca_vorago]

DNSCurve and DNSCrypt are the better solutions for slightly different problems that I think we should be pushing.

[jgrahamc]

Come work at CloudFlare! Let's get working on that.

[arca_vorago]

It's good to see CloudFlare continuing to embrace security as it evolves. I saw the AMA Matthew Prince did where he said he was concerned about ICANN giving control to the UN, which is a bigger deal than most admit, and he also said he was against regionalization of the net, another issue that doesn't get enough attention. Keep up the good work.

[jedisct1]

Are you serious about that?

[jgrahamc]

We're interested in making the Internet more secure. Go look at our history. Why would we not be thinking about ways to secure DNS etc. further?

[deftnerd]

Well said!

I know one thing I would like is Cloudflare doing something magical with Sub Resource Integrity.

Maybe if the source HTML specifies a SRI string, check that the hash in the HTML matches the hash of the resource before allowing it in your cache for that website. If it doesn't match, don't cache that resource and don't serve it.

This would allow sites to enable and enforce SRI without browser support.