W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

[SRI] Include sha-384 in the spec?

From: Francois Marier <francois@mozilla.com>
Date: Wed, 07 Jan 2015 16:16:49 +1300
Message-ID: <54ACA521.3060108@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Should we include sha-384 as a mandatory algorithm to support?

The Chromium [1] and Firefox [2] implementations both support it and
it's part of CSP Level 2 [3].

Francois

[1]
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq=package:chromium&type=cs&l=66

[2]
https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at=default#cl-1115

[3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
Received on Wednesday, 7 January 2015 03:17:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC