W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

[SRI] Reserving the "authority" component of NI URIs for later use?

From: Francois Marier <francois@mozilla.com>
Date: Sun, 18 Jan 2015 13:19:59 +1300
Message-ID: <54BAFC2F.2040002@mozilla.com>
To: public-webappsec@w3.org
I filed https://github.com/w3c/webappsec/pull/124 after carefully
re-reading RFC 6920.

The first commit is not controversial but the second one raised some


We don't currently use the "authority" field in NI URIs (e.g.
"ni://authority.com/sha-256;foo") and we could either:

1. require that it be empty (i.e. the presence of an authority makes the
URI invalid)

2. require that user agents ignore it if present (i.e. URIs with
authority can be valid)

I have a slight preference for #2 in case we find a good use for it in a
future version of the SRI spec.

Does anybody have thoughts on this?

Received on Sunday, 18 January 2015 00:20:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC