W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [integrity] What should we hash?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 15 Mar 2014 00:14:06 -0400
Message-ID: <5323D38E.3090302@mit.edu>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
CC: Mark Nottingham <mnot@mnot.net>, "public-webappsec@w3.org" <public-webappsec@w3.org> 
On 3/15/14 12:11 AM, Devdatta Akhawe wrote:
> The hash can be computed in a streaming fashion. The final "this is
> ok" can only be done after the hash has been computed on the whole
> file.

OK.  That makes sense.  ;)

>> This seems reasonable, with one caveat: I would prefer there be no optional
>> behavior here.  What the non-optional behavior should be depends on the
>> above question about streaming vs not.
>
> Given my clarification above, can you explain what should not be
> non-optional? Are you saying that the spec should require a
> "encoding=gzip" for files that will be saved to disk in a gzip'ed
> format?

Yes.

-Boris
Received on Saturday, 15 March 2014 04:14:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC