W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

Re: [integrity] What should we hash?

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 23 Apr 2014 17:27:03 +1000
Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <6AE89326-28E7-464D-91B4-5F1431F4FE19@mnot.net>
To: Devdatta Akhawe <dev.akhawe@gmail.com>

On 23 Apr 2014, at 3:31 pm, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:

> Mark: For, "expressed intent by the user or origin", can you give me
> an example how the user/origin does this in case of gzip'ed files? To
> me, it seems like a decision purely by the user agent.

I guess you can view it that way - I was assuming that the UA's behaviour should be deterministic, based upon a) the content that the origin provides, and b) the behaviour of the user. As such, the "intent" isn't really embodied in the UA...

Cheers,

> 
> For that reason, I used the term "except when user agent intends to
> consume the content without content-encoding applied" instead of
> "expressed intent ...."  I can add a parenthetical "(because of an
> expressed intent by the user or origin)", but I am worried it is
> making an already vague line even more vague.

--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 23 April 2014 07:27:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC