W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CfC: Transition CSP2 to CR.

From: Francois Marier <francois@mozilla.com>
Date: Mon, 09 Feb 2015 15:06:46 +1300
Message-ID: <54D81636.6020907@mozilla.com>
To: public-webappsec@w3.org
On 06/02/15 21:25, Mike West wrote:
> Any other issues folks have on their mind for CSP2?

CSP2 recently added support for Base64url hashes citing parity with SRI
as one of the reasons [1] for this change.

Given that the final SRI spec may be moving away from URIs for encoding
the hashes [2], and that CSP hashes are not URIs either, I was
wondering: is there a reason to use a URL-safe encoding of Base64 as
opposed to just regular base64?

It's fairly trivial to support both in user agents, but it adds a small
amount of complexity to both specs.

I don't have a strong opinion on this, but I wanted to note that this
decision will have an impact on what we do in the SRI spec too.


[1] https://github.com/w3c/webappsec/pull/156#issuecomment-72209356
[2] https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0259.html
Received on Monday, 9 February 2015 02:07:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC