W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [Integrity] typos with ni URIs

From: Joel Weinberger <jww@chromium.org>
Date: Wed, 07 Jan 2015 01:00:05 +0000
Message-ID: <CAHQV2K=HGHaZJCe17EqwPAHv227KtYz7nYX747myCknUPv8Qiw@mail.gmail.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Thanks! I've filed several github issues to track this:
https://github.com/w3c/webappsec/issues/130
https://github.com/w3c/webappsec/issues/131
https://github.com/w3c/webappsec/issues/132

On Tue Jan 06 2015 at 4:53:58 PM Manger, James <
James.H.Manger@team.telstra.com> wrote:

> The ni examples in "Subresource Integrity" (editor’s draft 30-Dec-2014)
> are not quite right.
>
>
>
> 1.
>
> The ni:///sha-512 URI in 3.2.1 "Agility" needs to omit the "=" padding at
> the end of the base64url encoded value. See RFC6920 section 3 definition of
> "Digest Value":
>
>   "The digest value MUST be encoded using the base64url
>
>    [RFC4648] encoding, with no "=" padding characters."
>
>
>
> WRONG (twice)
>
>
> ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg==?ct=text/plain
>
> RIGHT
>
>
> ni:///sha-512;rQw3wx1psxXzqB8TyM3nAQlK2RcluhsNwxmcqXE2YbgoDW735o8TPmIR4uWpoxUERddvFwjgRSGw7gNPCwuvJg?ct=text/plain
>
>
>
> 2.
>
> The example openssl command in "Subresource Integrity" section 3.1 leaves
> newline characters in the output (including in the middle of the sha-512
> output). Suggested change:
>
> FROM:   | openssl enc -base64 |
>
> TO  :   | openssl base64 -A |
>
>
>
> 3.
>
> The example content is given as "Hello, world!" in the 3.1 text, but as
> "Hello, world." in the note (! vs .). The ni values are calculated from the
> "." version.
>
> Curiously (unfortunately?) it is close but slightly different from the
> example content in RFC6920 section 8.1: "Hello World!".
>
>
>
> --
>
> James Manger
>
>
>
Received on Wednesday, 7 January 2015 01:00:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC