On Mon, Mar 18, 2024, at 16:11, Mohit Sethi via Datatracker wrote:
One thing that I wondered while reading is how the integrity of the script blobis ensured? How does the receiver verify the integrity of the binary scriptcontent received?
I'm not sure the threat model you're worried about here.
The server gives a blobId for uploaded content and you use the ID. The server says that this blobId will give the same content if used later.
Either the server is trustworthy and it acts on the same content, or the server isn't trustworthy and ... then what's the difference? It could substitute anything no matter whether the data is uploaded concurrently or separately.
Bron.
--
Bron Gondwana, CEO, Fastmail Pty Ltd
brong@xxxxxxxxxxxxxxxx
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call