- From: Joel Weinberger <jww@chromium.org>
- Date: Wed, 07 Jan 2015 17:16:09 +0000
- To: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 7 January 2015 17:16:37 UTC
Not surprisingly, as the Chromium implementor, I support including sha-384. This would also be consistent with the CSP Editor's draft: https://w3c.github.io/webappsec/specs/content-security-policy/ On Tue Jan 06 2015 at 7:19:48 PM Francois Marier <francois@mozilla.com> wrote: > Should we include sha-384 as a mandatory algorithm to support? > > The Chromium [1] and Firefox [2] implementations both support it and > it's part of CSP Level 2 [3]. > > Francois > > [1] > https://code.google.com/p/chromium/codesearch#chromium/ > src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq= > package:chromium&type=cs&l=66 > > [2] > https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/ > 4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at= > default#cl-1115 > > [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes > >
Received on Wednesday, 7 January 2015 17:16:37 UTC