On 06/02/15 21:25, Mike West wrote: > Any other issues folks have on their mind for CSP2? CSP2 recently added support for Base64url hashes citing parity with SRI as one of the reasons [1] for this change. Given that the final SRI spec may be moving away from URIs for encoding the hashes [2], and that CSP hashes are not URIs either, I was wondering: is there a reason to use a URL-safe encoding of Base64 as opposed to just regular base64? It's fairly trivial to support both in user agents, but it adds a small amount of complexity to both specs. I don't have a strong opinion on this, but I wanted to note that this decision will have an impact on what we do in the SRI spec too. Francois [1] https://github.com/w3c/webappsec/pull/156#issuecomment-72209356 [2] https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0259.htmlReceived on Monday, 9 February 2015 02:07:20 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC