W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry?

From: Mike West <mkwst@google.com>
Date: Thu, 8 Jan 2015 10:33:46 +0100
Message-ID: <CAKXHy=ceVh04XE_NDrdpyY-1cLEy-8mJLOvG+CV3=o00+HDhZw@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>, Mark Nottingham <mnot@mnot.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
I have no idea. :) Adding mnot as our resident IETF wonk.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, Jan 5, 2015 at 2:50 AM, Francois Marier <francois@mozilla.com>
wrote:

> We use RFC6920 URIs in the SRI spec to encode the hash algorithm and
> value. That RFC created [1] a new registry [2] for the approved hash
> algorithms.
>
> Since we intend to support sha-512 (and potentially sha-384 to match the
> CSP spec [3]), should we get these algorithms added to the registry now?
> Or is the right process to do that after we publish the SRI spec?
>
> Francois
>
> [1] http://tools.ietf.org/html/rfc6920#section-9.4
> [2]
>
> https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg
> [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
>
>
Received on Thursday, 8 January 2015 09:34:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC