W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] Include sha-384 in the spec?

From: Joel Weinberger <jww@chromium.org>
Date: Wed, 07 Jan 2015 17:16:09 +0000
Message-ID: <CAHQV2KmKKjr4LDbE6ZiYO-xqso7ZCjevbJSaLUB_baFF6EXF0w@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Not surprisingly, as the Chromium implementor, I support including sha-384.
This would also be consistent with the CSP Editor's draft:
https://w3c.github.io/webappsec/specs/content-security-policy/

On Tue Jan 06 2015 at 7:19:48 PM Francois Marier <francois@mozilla.com>
wrote:

> Should we include sha-384 as a mandatory algorithm to support?
>
> The Chromium [1] and Firefox [2] implementations both support it and
> it's part of CSP Level 2 [3].
>
> Francois
>
> [1]
> https://code.google.com/p/chromium/codesearch#chromium/
> src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq=
> package:chromium&type=cs&l=66
>
> [2]
> https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/
> 4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at=
> default#cl-1115
>
> [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
>
>
Received on Wednesday, 7 January 2015 17:16:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC