- From: Joel Weinberger <jww@chromium.org>
- Date: Wed, 07 Jan 2015 01:00:05 +0000
- To: "Manger, James" <James.H.Manger@team.telstra.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAHQV2K=HGHaZJCe17EqwPAHv227KtYz7nYX747myCknUPv8Qiw@mail.gmail.com>
Thanks! I've filed several github issues to track this:

https://github.com/w3c/webappsec/issues/130
https://github.com/w3c/webappsec/issues/131
https://github.com/w3c/webappsec/issues/132

On Tue Jan 06 2015 at 4:53:58 PM Manger, James <James.H.Manger@team.telstra.com> wrote:

> The ni examples in "Subresource Integrity" (editor’s draft 30-Dec-2014)
> are not quite right.
>
> 1.
>
> The ni:///sha-512 URI in 3.2.1 "Agility" needs to omit the "=" padding at
> the end of the base64url encoded value. See RFC6920 section 3 definition of
> "Digest Value":
>
> "The digest value MUST be encoded using the base64url
> [RFC4648] encoding, with no "=" padding characters."
>
> WRONG (twice)
>
> ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg==?ct=text/plain
>
> RIGHT
>
> ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg?ct=text/plain
>
> 2.
>
> The example openssl command in "Subresource Integrity" section 3.1 leaves
> newline characters in the output (including in the middle of the sha-512
> output). Suggested change:
>
> FROM: | openssl enc -base64 |
>
> TO : | openssl base64 -A |
>
> 3.
>
> The example content is given as "Hello, world!" in the 3.1 text, but as
> "Hello, world." in the note (! vs .). The ni values are calculated from the
> "." version.
>
> Curiously (unfortunately?) it is close but slightly different from the
> example content in RFC6920 section 8.1: "Hello World!".
>
> --
>
> James Manger
Received on Wednesday, 7 January 2015 01:00:32 UTC
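
An added example, not part of the thread or of the Subresource Integrity draft: a Python sketch that builds an ni URI with single-line, unpadded base64url as the RFC 6920 rule quoted above requires, and checks a URI's digest value for the padding and embedded-newline problems raised in points 1 and 2. The function and constant names are assumptions of this example; the two sample URIs are the ones quoted in the message.

```python
import base64
import hashlib
import re

DIGEST_SIZES = {"sha-256": 32, "sha-512": 64}  # digest length in bytes

# The two URIs quoted in the message above.
PAGE_WRONG = "ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg==?ct=text/plain"
PAGE_RIGHT = "ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg?ct=text/plain"


def ni_uri(content: bytes, alg: str = "sha-512", content_type: str = "") -> str:
    """Build an ni URI with an empty authority, like the examples above."""
    digest = hashlib.new(alg.replace("-", ""), content).digest()
    # urlsafe_b64encode returns one unwrapped line; the "=" padding is
    # stripped because RFC 6920 forbids it in the digest value.
    value = base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")
    query = f"?ct={content_type}" if content_type else ""
    return f"ni:///{alg};{value}{query}"


def check_ni_uri(uri: str) -> list:
    """Return the problems found in the digest value (empty list if none)."""
    m = re.match(r"^ni://[^/]*/([^;]+);([^?]*)(\?.*)?$", uri, re.DOTALL)
    if not m:
        return ["not an ni URI"]
    alg, value = m.group(1), m.group(2)
    if alg not in DIGEST_SIZES:
        return [f"algorithm {alg} is not handled by this example"]
    problems = []
    if "=" in value:
        problems.append("padding")
    if re.search(r"\s", value):
        problems.append("whitespace")
    # Judge alphabet and length on the value with padding/whitespace removed,
    # so each defect is reported once.
    core = re.sub(r"[=\s]", "", value)
    if not re.fullmatch(r"[A-Za-z0-9_-]*", core):
        problems.append("not base64url alphabet")
    # Unpadded base64 length of n bytes is ceil(4n/3): 43 for 32, 86 for 64.
    elif len(core) != -(-DIGEST_SIZES[alg] * 4 // 3):
        problems.append("wrong digest length")
    return problems
```
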