- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Wed, 8 Jan 2014 15:45:05 -0800
- To: Ilya Grigorik <igrigorik@google.com>
- Cc: Joel Weinberger <jww@chromium.org>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Frederik Braun <fbraun@mozilla.com>, Brad Hill <bhill@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>, Tab Atkins <tabatkins@google.com>, William Chan <willchan@google.com>
> may want to use a third-party service to host this resource (e.g. a CDN), > but I don't (entirely) trust the third party and want to make sure they > don't swap the content on me, so to guard against that I'm going to specify > an integrity hash in the markup. > > Does that sound about right? yes. That's the main motivation of the specification. =Dev
Received on Wednesday, 8 January 2014 23:45:52 UTC