- From: Brian Smith <brian@briansmith.org>
- Date: Sun, 8 Feb 2015 21:56:54 -0800
- To: Francois Marier <francois@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Francois Marier <francois@mozilla.com> wrote:
> What should we do for completely unknown hash algorithms? (i.e. case 2
> with old browsers) Dev suggested that perhaps failing open is the only
> sane way to let site admins support the long tail of browsers.

Site admins could support the long tail of browsers by specifying multiple digests such as integrity="sha256:ABC sha3-512:ABC". Older browsers that don't implement sha3-512 would still enforce the sha256:ABC digest. A newer browser that doesn't consider (SHA-2) sha256 secure but which supports sha3-512 would enforce the sha3-512 digest.

Cheers,
Brian
Received on Monday, 9 February 2015 05:57:22 UTC
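
The multi-digest selection described in the message above, as an added Python sketch that is not part of the original e-mail or of any browser's code. Assumptions: digests are base64, a browser that trusts several listed algorithms enforces the strongest one, and the function names and the `fail_open_if_unknown` flag (which stands in for the open question in the thread) are hypothetical.

```python
import base64
import hashlib

# Algorithm tokens as written in the e-mail; the mapping itself is an assumption.
HASHERS = {"sha256": hashlib.sha256, "sha3-512": hashlib.sha3_512}


def parse_integrity(attr):
    """Split 'alg:digest alg:digest' (the syntax used in the e-mail) into pairs."""
    pairs = []
    for token in attr.split():
        alg, sep, digest = token.partition(":")
        if sep and alg and digest:
            pairs.append((alg.lower(), digest))
    return pairs


def check_resource(attr, body, trusted, fail_open_if_unknown):
    """Return (allowed, algorithm_enforced).

    trusted: algorithms this browser implements AND considers secure,
             ordered weakest to strongest.
    fail_open_if_unknown: policy applied when no listed algorithm is trusted.
    """
    usable = [(alg, d) for alg, d in parse_integrity(attr)
              if alg in trusted and alg in HASHERS]
    if not usable:
        return fail_open_if_unknown, None
    strongest = max((alg for alg, _ in usable), key=trusted.index)
    actual = base64.b64encode(HASHERS[strongest](body).digest()).decode()
    # Assumption: if an algorithm is listed more than once, any match passes.
    ok = any(alg == strongest and d == actual for alg, d in usable)
    return ok, strongest


def make_attr(body):
    """Build a two-digest attribute for constructed sample content."""
    return " ".join(
        f"{alg}:{base64.b64encode(h(body).digest()).decode()}"
        for alg, h in HASHERS.items()
    )
```

A weaker digest that still matches does not rescue a resource whose strongest trusted digest fails, so a browser that trusts both algorithms cannot be downgraded to sha256 by the attribute alone.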