
Re: [integrity] What should we hash?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Tue, 22 Apr 2014 22:31:44 -0700
Message-ID: <CAPfop_23g61yjKNXmtoZN5TYhZOYHNrwqM1B6Q4OmHYQqQVyRw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>

Based on this discussion (thanks Boris and Mark!), I pushed:
if you prefer html)

Mark: For "expressed intent by the user or origin", can you give me
an example of how the user/origin does this in the case of gzip'ed files? To
me, it seems like a decision purely by the user agent.

For that reason, I used the term "except when user agent intends to
consume the content without content-encoding applied" instead of
"expressed intent ...."  I can add a parenthetical "(because of an
expressed intent by the user or origin)", but I am worried it is
making an already vague line even more vague.


On 10 April 2014 15:15, Mark Nottingham <mnot@mnot.net> wrote:
> On 11 Apr 2014, at 3:56 am, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
>> Mark said:
>>> --8<--
>>> The hash is calculated against the representation <http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-26#section-> without any content-codings applied, except when there is an explicit flag that the content is to be consumed with content-encodings (e.g., saving a gzip'd file to disk).
>>> -->8---
>> Oops! Yeah, you are right and you had already clarified this. That was
>> a mistake in my email. Sorry about that. Although, I don't know what
>> you mean by "explicit flag" above. What's the explicit flag when
>> gzip'ed files are downloaded?
> 'explicit flag' may be the wrong phrase -- maybe "expressed intent by the user or origin"?
> --
> Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 23 April 2014 05:32:34 UTC
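
The rule discussed in this thread, as an added example that is not part of the original messages or of the specification text: the hash is taken over the representation with the content-coding removed, because the gzip'd wire bytes vary with compression level and header timestamp while the decoded bytes do not. SHA-256, the function names, the `consume_encoded` flag and the sample body are assumptions of this example.

```python
import gzip
import hashlib
import hmac
from typing import Optional

# Constructed sample resource body (not from the thread).
BODY = b"console.log('hello integrity');\n" * 20


def digest(data: bytes) -> str:
    """SHA-256 hex digest; the algorithm choice is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()


def gzip_encode(data: bytes, level: int, mtime: int) -> bytes:
    """Apply a gzip content-coding as a server or intermediary might."""
    return gzip.compress(data, compresslevel=level, mtime=mtime)


def decode_content(wire: bytes, content_encoding: Optional[str]) -> bytes:
    """Strip the content-coding to recover the representation bytes."""
    if content_encoding in (None, "identity"):
        return wire
    if content_encoding == "gzip":
        return gzip.decompress(wire)
    raise ValueError(f"unsupported content-coding: {content_encoding}")


def verify(wire: bytes, content_encoding: Optional[str], expected: str,
           consume_encoded: bool = False) -> bool:
    """Compare the digest of what will actually be consumed with `expected`.

    consume_encoded=True models the exception discussed in the thread: the
    user agent keeps the content-coding applied (e.g. saves the .gz to disk).
    """
    data = wire if consume_encoded else decode_content(wire, content_encoding)
    return hmac.compare_digest(digest(data), expected)


if __name__ == "__main__":
    # Two gzip encodings of the same body: different level and header mtime.
    wire_a = gzip_encode(BODY, level=9, mtime=1397000000)
    wire_b = gzip_encode(BODY, level=1, mtime=1398000000)
    expected = digest(BODY)  # hash of the representation, no coding applied
    print("wire bytes equal:      ", wire_a == wire_b)
    print("decoded check, wire_a: ", verify(wire_a, "gzip", expected))
    print("decoded check, wire_b: ", verify(wire_b, "gzip", expected))
    print("raw wire_b vs expected:", verify(wire_b, "gzip", expected, True))
```

When the encoded file itself is the thing being consumed, the expected digest has to be computed over those exact gzip bytes, so any re-compression by an intermediary makes the check fail.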
