W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: SRI: <a> vs integrity

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 29 Jul 2014 15:37:02 -0700
Message-ID: <CAEeYn8hvtpDB_hgsS7HQH_4betR8-RdYhG2y9MkVr7ZKEjJiGw@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Eduardo Robles Elvira <edulix@agoravoting.com>, "Hill, Brad" <bhill@paypal.com>, Julian Reschke <julian.reschke@gmx.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Thanks Dan, that's exactly what I was trying to say.  :)

On Tue, Jul 29, 2014 at 3:35 PM, Daniel Veditz <dveditz@mozilla.com> wrote:
> On 7/28/2014 4:54 PM, Eduardo Robles Elvira wrote:
>> I wouldn't make them so bold and in-your-face, but the
>> a-download-link-integrity use-case is not a corner-case.
>
> Brad didn't mean downloads were "borderline" interesting, he meant it
> was literally "on the border" between navigation (which we don't want to
> touch) and part of the application/site (which we do want to cover with
> resource integrity). We could more simply not touch anything that uses
> the mechanics of navigation (clicking a link) but the download case is
> important and common enough to risk making the scope of the
> specification less clear. Murky or not, though, we don't want to
> interfere with navigation.
>
> -Dan Veditz
>
Received on Tuesday, 29 July 2014 22:37:30 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC