Re: [SRI] Include sha-384 in the spec?

Not surprisingly, as the Chromium implementor, I support including sha-384.
This would also be consistent with the CSP Editor's draft:
https://w3c.github.io/webappsec/specs/content-security-policy/

On Tue Jan 06 2015 at 7:19:48 PM Francois Marier <francois@mozilla.com>
wrote:

> Should we include sha-384 as a mandatory algorithm to support?
>
> The Chromium [1] and Firefox [2] implementations both support it and
> it's part of CSP Level 2 [3].
>
> Francois
>
> [1]
> https://code.google.com/p/chromium/codesearch#chromium/
> src/third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp&sq=
> package:chromium&type=cs&l=66
>
> [2]
> https://bitbucket.org/fmarier/mozilla-central-mq-992096/src/
> 4a686871b1cda481e8eb6044ee2015438c1ae12b/bug992096.patch?at=
> default#cl-1115
>
> [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
>
>

Received on Wednesday, 7 January 2015 17:16:37 UTC