W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [integrity] What should we hash?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Fri, 14 Mar 2014 21:11:48 -0700
Message-ID: <CAPfop_1HF1+HLMT95KSPAzzNiuwm2KM7VDvfdBrzON6qPgYAJQ@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mark Nottingham <mnot@mnot.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>
>> Well, we aren't supporting progressive hashes right now.
> I'd like to understand what that means.  Does that mean the hash can't be
> computed in a streaming fashion, but actually needs the entire decompressed
> data in a single chunk (in memory?) to compute the hash?
> I'm really hoping I'm just misunderstanding this point....

Sorry. I was wrong. I got confused. You are right.

The hash can be computed in a streaming fashion. The final "this is
ok" can only be done after the hash has been computed on the whole

> This seems reasonable, with one caveat: I would prefer there be no optional
> behavior here.  What the non-optional behavior should be depends on the
> above question about streaming vs not.

Given my clarification above, can you explain what should not be
non-optional? Are you saying that the spec should require a
"encoding=gzip" for files that will be saved to disk in a gzip'ed

Received on Saturday, 15 March 2014 04:12:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC