W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Couple comments on Subresource Integrity

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Tue, 25 Mar 2014 18:10:40 +0530
Message-ID: <CAPfop_2qKNiR03e16NUyhMQLgt4nwccaWTCssf8vJjh_B3VBwQ@mail.gmail.com>
To: Trevor Perrin <trevp@trevp.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
> The 6920 format adds verbosity, parsing, and having to read a 20-page
> (?!) doc.  What's the benefit?

I am curious: are these the only concerns you have with using the RFC 6920?

One benefit of having content type as separate meta-data is the
browser can send that and only that in the "accept" header. Regardless
of whether the format is RFC6920 or not, I do think this is useful.

I agree that reading a 20 page doc for something so simple is kinda
ridiculous: at first glance, there do seem to be things in it that are
unnecessary for the SRI use-case. But, at first glance---maybe others
are able to come up with scenarios where those things are useful too.

Received on Tuesday, 25 March 2014 12:41:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC