W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2013

Re: Hashes.

From: Dionysis Zindros <dionyziz@gmail.com>
Date: Wed, 18 Dec 2013 10:55:30 -0800
Message-ID: <CAE-c3mdjGkr8Ox2KfAcsJKPM6=bR2ghdtA1J2-t15PS_zos5LA@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal.com>
Cc: Joel Weinberger <jww@google.com>, Garrett Robinson <grobinson@mozilla.com>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Neil Matatall <neilm@twitter.com>, Adam Barth <w3c@adambarth.com>, "Daniel Veditz <dveditz@mozilla. com>" <dveditz@mozilla.com>
You're right, let's remove the "SHOULD" and make this a simple suggestion?

On Fri, Dec 13, 2013 at 6:13 AM, Hill, Brad <bhill@paypal.com> wrote:
>> If the user agent fails to match hash-value, the user agent SHOULD
>> report a warning message in the developer console containing the
>> actual hash value.
> I don't disagree that this is a good idea, but we usually avoid specifying normative behavior for internal, implementation-dependent details like debugging consoles.  We could have a non-normative suggestion or note, but I don't think a RFC 2119 'SHOULD' is appropriate.  This isn't something we can or would want to test for interoperability, for example.
> -Brad
Received on Wednesday, 18 December 2013 18:56:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:35 UTC