W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

Re: [integrity] What should we hash?

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 11 Apr 2014 08:15:41 +1000
Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <0BB2ED3C-BE8A-4189-9A2E-F69985EA2DE4@mnot.net>
To: Devdatta Akhawe <dev.akhawe@gmail.com>

On 11 Apr 2014, at 3:56 am, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:

> Mark said:
>> --8<--
>> The hash is calculated against the representation <http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-26#section-3.1.1.5> without any content-codings applied, except when there is an explicit flag that the content is to be consumed with content-encodings (e.g., saving a gzip'd file to disk).
>> -->8---
> 
> Oops! Yeah, you are right and you had already clarified this. That was
> a mistake in my email. Sorry about that. Although, I don't know what
> you mean by "explicit flag" above. Whats the explicit flag when
> gzip'ed files are downloaded?

'explicit flag' may be the wrong phrase -- maybe "expressed intent by the user or origin"?

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 10 April 2014 22:16:12 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC