|
|
|
|
|
|
by jakeogh
2410 days ago
|
|
|
Ah, I misunderstood your mention of black boxes. This is not for black boxes. It only makes sense for open source. I agree it wont work for a black box that you cant audit. If the browser is side-channeling by asking for scheme://some.thing/enc_data_sent_here -> enc_data_recieved when the middleware hands the GET back, then atleast the user can decide if they want to honor that GET request and figure out why the browser made it, and remove that code. The browser should have no crypto code in it. Linking to a SSL/crypto lib would be a bug as I mentioned. I spend quite a bit of time railing on JS. Executing arb code is fundamentally a bad idea (Halting Problem). https://hn.algolia.com/?dateRange=all&query=jakeogh%20%22dis... |
|
|
> This page will only work with JavaScript enabled
Really!? Why the hell would you link to that?