- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Tue, 22 Apr 2014 22:31:44 -0700
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Based on this discussion (thanks Boris and Mark!), I pushed: https://github.com/w3c/webappsec/commit/20e8e973bcea26495d8bd2211f8439085f640196 (http://w3c.github.io/webappsec/specs/subresourceintegrity/#apply-algorithm-to-resource if you prefer html) Mark: For, "expressed intent by the user or origin", can you give me an example how the user/origin does this in case of gzip'ed files? To me, it seems like a decision purely by the user agent. For that reason, I used the term "except when user agent intends to consume the content without content-encoding applied" instead of "expressed intent ...." I can add a parenthetical "(because of an expressed intent by the user or origin)", but I am worried it is making an already vague line even more vague. thanks dev On 10 April 2014 15:15, Mark Nottingham <mnot@mnot.net> wrote: > > On 11 Apr 2014, at 3:56 am, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > >> Mark said: >>> --8<-- >>> The hash is calculated against the representation <http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-26#section-3.1.1.5> without any content-codings applied, except when there is an explicit flag that the content is to be consumed with content-encodings (e.g., saving a gzip'd file to disk). >>> -->8--- >> >> Oops! Yeah, you are right and you had already clarified this. That was >> a mistake in my email. Sorry about that. Although, I don't know what >> you mean by "explicit flag" above. Whats the explicit flag when >> gzip'ed files are downloaded? > > 'explicit flag' may be the wrong phrase -- maybe "expressed intent by the user or origin"? > > -- > Mark Nottingham http://www.mnot.net/ > > >
Received on Wednesday, 23 April 2014 05:32:34 UTC