Trusted CDNs without gatekeepers
2022-07-24, 14:00–14:50, Battery 🔋

I want a Web where CDNs are unnecessary.

Where different organizations, different website operators, can help each other out by hosting assets for each others' websites, thus spreading the load across many orgs in solidarity, instead of centralizing it in gatekeepers.

I believe I might slowly be getting to a point of having a decent answer to that question. No blockchain required.

What if I told you the code for this is already mostly there?

All major browsers support Service Workers and Subresource Integrity, which means we can have a piece of JS that:
1. only gets updated from the original domain
2. handles all requests for the website
3. routes these requests to the original domain, or hits third party endpoints when the original domain is unavailable for whatever reason
4. has ways of distributing and checking Subresource Integrity on any fetched resource.

And we do!

Points 1. and 2. are assured by Service Workers API, so browsers enforce that.

Point 3. can be achieved with LibResilient's the alt-fetch plugin.

Point 4. is the job of LibResilient's signed-integrity plugin.

This is all very PoC. Documentation is lacking or non-existent. But it's already there, ready to be tested and improved.

Information Security ISNIC, the .is DNS registry. Co-founder of the Technical Error Correction Collective. Tech, policy, and activism background. Previously Chief Information Security Officer / Head of INfrastructure at OCCRP.

Co-operated with a number of EU-based organisations working in the digital human rights area and participated in a bunch of Internet governance meetings. Main policy interests: information security, privacy in the digital age, Internet governance (including censorship, surveillance, Net Neutrality), copyright reform, digital media literacy.

This speaker also appears in: