Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, the HTML file itself goes through, and is checked by, the Service Worker as well. https://developer.mozilla.org/en-US/docs/Web/API/Service_Wor...:

> A service worker is (...) intercepting and modifying navigation and resource requests



Oh yes, as if it was an offline app when initiated. Interesting. You should really make this more broadly available and perhaps build service around it. If you can make it security sounded, then I’m sold. Perhaps, it solves the trust issue of JavaScript. For the fun of it, maybe throw in some blocktrain tech or something to enhance that trust model of yours. Would love to see how this gets developed.


> Perhaps, it solves the trust issue of JavaScript.

Yes, that is the intention :)

> For the fun of it, maybe throw in some blocktrain tech or something to enhance that trust model of yours.

Instead of using GitHub as a public log, it's possible to use a publicly verifiable cryptographic log: https://wiki.mozilla.org/Security/Binary_Transparency

That would move the trust from GitHub to that public log. However, GitHub provides us not just the "publicly verifiable update" part, but also the "authenticated update" part. In other words, how do you know that the person putting something in a blockchain is the owner of the website? You'd need a public key, and then not lose it, etc. But it's indeed possible.


This is a really interesting train of thought that I wasn't familiar with. Thanks for pointing out Binary Transparency, and I'll be eager to see where your product goes!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: