- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Fri, 8 May 2015 15:37:31 -0400
- To: Brad Hill <hillbrad@fb.com>
- Cc: "public-privacy@w3.org" <public-privacy@w3.org>
Hi Brad,

are you willing to field some questions or would you rather we send you some batch feedback as a group from PING?

best, Joe

On Thu, May 7, 2015 at 5:15 PM, Brad Hill <hillbrad@fb.com> wrote:
> Hello,
>
> The Web Application Security Working Group requests wide review of the following specification.
>
> Subresource Integrity
> http://w3c.github.io/webappsec/specs/subresourceintegrity/
>
> The group requests feedback via public-webappsec@w3.org with [SRI] in subject line, ideally before 2015-05-26.
>
> This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. Specifically, this version uses hashed metadata annotations delivered as a new "integrity" attribute of the <script> and <link> tags.
>
> Level 1 is intended as a "minimum viable" release, targeting what the group believes to be a few high-value use cases with the most manageable requirements, in order to learn how such a mechanism will interact with the large scale architecture of the Web, before proceeding to additional features and scenario targets.
>
> The group has specifically asked for feedback on the following:
>
> ============================================
> Fetch Integration
> Privacy and Security Considerations
> CORS interactions
> Future Considerations regarding broader integration into other HTML elements
> Extensibility
> ============================================
>
> Sincerely,
>
> Brad Hill
> Co-chair, WebAppSec WG
>

--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871

Received on Friday, 8 May 2015 19:38:22 UTC