Not sure why this is being downvoted. It's a reasonable point. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sarciszewski on Oct 1, 2015 \| parent \| context \| favorite \| on: Do not let your CDN betray you: Use Subresource In... Not sure why this is being downvoted. It's a reasonable point.

icebraining on Oct 1, 2015 [–]

It's not. If browser vendors thought that the potential for breaking a decent hash function was a real threat, they would also not implement HTTPS, signed updates, etc, all of which depend on the trust in hash based signatures.

sarciszewski on Oct 2, 2015 | [–]

I, for one, welcome EdDSA signing of Javascript resources.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact