W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Couple comments on Subresource Integrity

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Tue, 25 Mar 2014 07:41:47 +0530
Message-ID: <CAPfop_3LF855goTbo9rx66v9KufZaYC9drPFMQ0O+2z7h3+YBw@mail.gmail.com>
To: Trevor Perrin <trevp@trevp.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Trevor

> 1) Why does the content-type need to be specified in the link?  Why
> not just include it as input to the hash?

I believe this is because the existing RFC already uses the syntax.
See http://tools.ietf.org/html/rfc6920#section-3.1

> 2) The "ni://" prefix seems pointless, why not just name the attribute
> after the hash algo, i.e.

Again, I believe this is because of the existing RFC, which defined this format.

Received on Tuesday, 25 March 2014 02:12:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC