Re: Hashes. from Dionysis Zindros on 2013-12-18 (public-webappsec@w3.org from December 2013)

From: Dionysis Zindros <dionyziz@gmail.com>
Date: Wed, 18 Dec 2013 10:55:30 -0800
To: "Hill, Brad" <bhill@paypal.com>
Cc: Joel Weinberger <jww@google.com>, Garrett Robinson <grobinson@mozilla.com>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Neil Matatall <neilm@twitter.com>, Adam Barth <w3c@adambarth.com>, "Daniel Veditz <dveditz@mozilla. com>" <dveditz@mozilla.com>
Message-ID: <CAE-c3mdjGkr8Ox2KfAcsJKPM6=bR2ghdtA1J2-t15PS_zos5LA@mail.gmail.com>

You're right, let's remove the "SHOULD" and make this a simple suggestion?

On Fri, Dec 13, 2013 at 6:13 AM, Hill, Brad <bhill@paypal.com> wrote:
>
>> If the user agent fails to match hash-value, the user agent SHOULD
>> report a warning message in the developer console containing the
>> actual hash value.
>
> I don't disagree that this is a good idea, but we usually avoid specifying normative behavior for internal, implementation-dependent details like debugging consoles.  We could have a non-normative suggestion or note, but I don't think a RFC 2119 'SHOULD' is appropriate.  This isn't something we can or would want to test for interoperability, for example.
>
> -Brad
>

Received on Wednesday, 18 December 2013 18:56:17 UTC