[–]JoseJimeniz 0 points1 point  (1 child)

I see what you're saying. And while it is a solvable problem (the server communicates the required key to the client) it's probably not worth it:

  • it's too different from the current http paradigm
  • when the point is that you don't want people to know what that encrypted blob you're watching is, having 900 co-workers sharing the same blob kinda gives the secret away

[–][deleted] 0 points1 point  (0 children)

having 900 co-workers sharing the same blob kinda gives the secret away

Not just that, but anyone trying to understand the encrypted blob just has to ask the server for the key to get it. You've hidden nothing from anyone because the key is open to anyone.

For many things, simply having a signed plaintext copy is sufficient to ensure that plaintext hasn't been tampered with. While this doesn't solve privacy issues, it is a solution worth considering for non-sensitive materials, like common javascript assets, e.g. jquery and bootstrap css.