- From: Francois Marier <francois@mozilla.com>
- Date: Wed, 07 Jan 2015 16:16:49 +1300
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Should we include sha-384 as a mandatory algorithm to support? The Chromium [1] and Firefox [2] implementations both support it and it's part of CSP Level 2 [3]. Francois [1] https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq=package:chromium&type=cs&l=66 [2] https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at=default#cl-1115 [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
Received on Wednesday, 7 January 2015 03:17:23 UTC