- From: Francois Marier <francois@mozilla.com>
- Date: Sun, 18 Jan 2015 13:19:59 +1300
- To: public-webappsec@w3.org
I filed https://github.com/w3c/webappsec/pull/124 after carefully re-reading RFC 6920. The first commit is not controversial but the second one raised some questions: https://github.com/fmarier/webappsec/commit/1b5e6b0d3c40cfb3ede6d40b5f6d849c048b79b5 We don't currently use the "authority" field in NI URIs (e.g. "ni://authority.com/sha-256;foo") and we could either: 1. require that it be empty (i.e. the presence of an authority makes the URI invalid) 2. require that user agents ignore it if present (i.e. URIs with authority can be valid) I have a slight preference for #2 in case we find a good use for it in a future version of the SRI spec. Does anybody have thoughts on this? Francois
Received on Sunday, 18 January 2015 00:20:30 UTC