Let's include sha-384 then. On Thu, Jan 8, 2015 at 10:06 AM, Mike West <mkwst@google.com> wrote: > Seems pretty reasonable to align the two specs. Might as well give some > flexibility in terms of truncation. > > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) > > On Wed, Jan 7, 2015 at 6:16 PM, Joel Weinberger <jww@chromium.org> wrote: > >> Not surprisingly, as the Chromium implementor, I support including >> sha-384. This would also be consistent with the CSP Editor's draft: >> https://w3c.github.io/webappsec/specs/content-security-policy/ >> >> >> On Tue Jan 06 2015 at 7:19:48 PM Francois Marier <francois@mozilla.com> >> wrote: >> >>> Should we include sha-384 as a mandatory algorithm to support? >>> >>> The Chromium [1] and Firefox [2] implementations both support it and >>> it's part of CSP Level 2 [3]. >>> >>> Francois >>> >>> [1] >>> https://code.google.com/p/chromium/codesearch#chromium/ >>> src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq= >>> package:chromium&type=cs&l=66 >>> >>> [2] >>> https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/ >>> 4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at= >>> default#cl-1115 >>> >>> [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes >>> >>> >
Received on Thursday, 8 January 2015 12:24:13 UTC