W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [integrity] What should we hash?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 13 Mar 2014 09:48:47 -0700
Message-ID: <CAPfop_3VDBn27TTkvrk721=AX2CRbW02ij9nWKpUTi4vZ2ZL_A@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mark Nottingham <mnot@mnot.net>, public-webappsec@w3.org
The browser can do whatever it does right now. But for integrity
verification, it will need to undo content encodings like gzip.
 On Mar 12, 2014 11:33 PM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote:

> On 3/13/14 2:27 AM, Devdatta Akhawe wrote:
>
>> I think the browser should undo the content-encoding for downloads
>> that include integrity metadata.
>>
>
> What does that mean for user-observed behavior in my "concrete example"
> cases?  If it means saving a file called foo.txt.gz which contains
> non-gzipped text, then I object.  ;)
>
> -Boris
>
Received on Thursday, 13 March 2014 16:49:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC