Re: subresource integrity and browser extensions

On Wed, Mar 26, 2014 at 12:00 PM, Mike West <mkwst@google.com> wrote:
> As Yan noted in her email, I agree with this position. Given the
> conversations around similar topics for CSP, I think it probably reflects
> the conensus of the group, and I've added non-normative language to this
> effect in
> https://github.com/w3c/webappsec/commit/b85f0fad4a1d38f57f3bcc457c6f32ad703f3ee8.
>
> CCing Glenn explicitly, since Cox seems concerned about this sort of
> language in general. If another formal objection is coming, I'd like to know
> about it sooner rather than later. :)

I don't really understand why we note this down at all. We don't do
this in other specifications. Specifications are about the default
user experience. It's well understood that people can have their own
user agent or a modified one that does something else. We don't cover
those scenarios as they are complex and an area of active research and
competition.


-- 
http://annevankesteren.nl/

Received on Thursday, 27 March 2014 14:25:51 UTC