Yes, that is what my response was in response to. In fact, I believe I link to it (not the GitHub version but on the IETF site).
However, I felt that some of the points I brought up in what I'd like to see were relevant to this discussion, even if the entire blog post isn't. This is why I highlight the points that are relevant in my comment.
In http://jimkeener.com/posts/http I have two things which I think would be great additions to both HTTP and HTML.
The first are Content-Signature (signed with the TLS key perhaps) and Content-Hash (format: "hash-algo base64-hash-value") headers.
The second is allowing hash and/or signature attributes on elements that have a src attribute. This would allow the UA to check if the file is already cached (across domains perhaps too, though I'm not sure how serious collision attacks would be) without having to check the server.
EDIT: I feel that these two features, in combo, would allow for a more secure method of using CDNs for things such as JavaScript libraries. They would also allow a better fallback method for loading local resources than what is used now.
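
A sketch of the check a user agent could make with the proposed Content-Hash value and a hash-keyed cache, added here as an example and not code from the comment or the linked post. The SHA-2 allow-list, the names `parse_content_hash`, `body_matches` and `HashCache`, and the sample body are assumptions.

```python
import base64
import binascii
import hashlib
import hmac

# Assumption: only collision-resistant digests are accepted; the comment names no algorithms.
ALLOWED = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def parse_content_hash(value):
    """Parse 'hash-algo base64-hash-value' into (algo, raw_digest) or raise ValueError."""
    parts = value.strip().split()
    if len(parts) != 2:
        raise ValueError("expected 'hash-algo base64-hash-value'")
    algo = parts[0].lower()
    if algo not in ALLOWED:
        raise ValueError("unsupported hash algorithm: " + algo)
    try:
        digest = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("hash value is not valid base64") from exc
    if len(digest) != ALLOWED[algo]().digest_size:
        raise ValueError("digest length does not match " + algo)
    return algo, digest


def body_matches(value, body):
    """True only if the body hashes to the declared digest (constant-time compare)."""
    algo, expected = parse_content_hash(value)
    return hmac.compare_digest(ALLOWED[algo](body).digest(), expected)


class HashCache:
    """Cache keyed by (algo, digest), so a hit does not depend on the origin URL."""

    def __init__(self):
        self._store = {}

    def put(self, value, body):
        if not body_matches(value, body):
            raise ValueError("refusing to cache: body does not match declared hash")
        self._store[parse_content_hash(value)] = body

    def get(self, value):
        return self._store.get(parse_content_hash(value))


# Constructed sample: a stand-in for a library file served by a CDN.
SAMPLE_BODY = b"window.lib = function () { return 42; };\n"
SAMPLE_HEADER = "sha256 " + base64.b64encode(hashlib.sha256(SAMPLE_BODY).digest()).decode()
```

Because the cache verifies the body before storing it, a later lookup by hash can be served without contacting any server, which is the cross-domain reuse the comment describes.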