Re: [integrity] What should we hash? from Devdatta Akhawe on 2014-03-13 (public-webappsec@w3.org from March 2014)

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 13 Mar 2014 09:48:47 -0700
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mark Nottingham <mnot@mnot.net>, public-webappsec@w3.org
Message-ID: <CAPfop_3VDBn27TTkvrk721=AX2CRbW02ij9nWKpUTi4vZ2ZL_A@mail.gmail.com>

The browser can do whatever it does right now. But for integrity
verification, it will need to undo content encodings like gzip.
 On Mar 12, 2014 11:33 PM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote:

> On 3/13/14 2:27 AM, Devdatta Akhawe wrote:
>
>> I think the browser should undo the content-encoding for downloads
>> that include integrity metadata.
>>
>
> What does that mean for user-observed behavior in my "concrete example"
> cases?  If it means saving a file called foo.txt.gz which contains
> non-gzipped text, then I object.  ;)
>
> -Boris
>

Received on Thursday, 13 March 2014 16:49:14 UTC