
Re: Subresource Integrity strawman.

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 8 Jan 2014 15:45:05 -0800
Message-ID: <CAPfop_3ni9Zzwe6uvFFNfYJQB3Mowcq37OErbmGCY0y1Akci5g@mail.gmail.com>
To: Ilya Grigorik <igrigorik@google.com>
Cc: Joel Weinberger <jww@chromium.org>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Frederik Braun <fbraun@mozilla.com>, Brad Hill <bhill@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>, Tab Atkins <tabatkins@google.com>, William Chan <willchan@google.com>
> may want to use a third-party service to host this resource (e.g. a CDN),
> but I don't (entirely) trust the third party and want to make sure they
> don't swap the content on me, so to guard against that I'm going to specify
> an integrity hash in the markup.
> Does that sound about right?

Yes. That's the main motivation of the specification.

Received on Wednesday, 8 January 2014 23:45:52 UTC
