W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry?

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 8 Jan 2015 10:19:25 -0500
Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <D72B009B-44F7-4BD5-B5C7-34C2CA3D0427@mnot.net>
To: Mike West <mkwst@google.com>
The registry is Expert Review, so I’d just go ahead an make the request; there’s nothing in it that’s tied to SRI specifically.

If you need help, just yell.

Cheers,


> On 8 Jan 2015, at 4:33 am, Mike West <mkwst@google.com> wrote:
> 
> I have no idea. :) Adding mnot as our resident IETF wonk.
> 
> -mike
> 
> --
> Mike West <mkwst@google.com>, @mikewest
> 
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
> 
> On Mon, Jan 5, 2015 at 2:50 AM, Francois Marier <francois@mozilla.com> wrote:
> We use RFC6920 URIs in the SRI spec to encode the hash algorithm and
> value. That RFC created [1] a new registry [2] for the approved hash
> algorithms.
> 
> Since we intend to support sha-512 (and potentially sha-384 to match the
> CSP spec [3]), should we get these algorithms added to the registry now?
> Or is the right process to do that after we publish the SRI spec?
> 
> Francois
> 
> [1] http://tools.ietf.org/html/rfc6920#section-9.4
> [2]
> https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg
> [3] http://www.w3.org/TR/CSP2/#source-list-valid-hashes
> 
> 

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 8 January 2015 15:19:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC