W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Couple comments on Subresource Integrity

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 25 Mar 2014 11:41:18 +0100
To: Trevor Perrin <trevp@trevp.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <gvm2j955nme7mb8gvdb1qbuf36sb2qflk6@hive.bjoern.hoehrmann.de>
* Trevor Perrin wrote:
>2) The "ni://" prefix seems pointless, why not just name the attribute
>after the hash algo, i.e.
>
> sha256="base64..."
>
>   instead of
>
> integrity="ni://sha256;base64..."

Tight coupling has a number of downsides; an example is that implemen-
tations can detect the presence of integrity information even when the
document uses an unrecognised algorithm.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 25 March 2014 10:41:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC