Re: [SRI] unsupported hashes and invalid metadata

> 1. <script integrity="ni:///sha-512;foo"> for a modern browser that no
> longer considers that hash algorithm secure
>
> 2. <script integrity="ni:///sha-1024;foo"> for an older browser that
> doesn't know about this new hash algorithm
>
> I think you're suggesting we fail open (for a time anyways) in the first
> case by keeping a list of known-but-no-longer-trusted hash algorithms. I
> can draft a pull request for this.

Do we really need to spec the first case? I think we should leave it
to UAs to decide what is best for their users.

cheers
Dev

Received on Saturday, 3 January 2015 20:47:34 UTC