W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [Integrity] typos with ni URIs

From: Brian Smith <brian@briansmith.org>
Date: Mon, 19 Jan 2015 13:40:46 -0800
Message-ID: <CAFewVt49LqSir8cJQ3jXxpm1vyfwDE=k57mGaTjswB9_O4t_3w@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
Mike West <mkwst@google.com> wrote:
> Why is it beneficial for the user agent to reject an encoding that it could
> trivially understand? It doesn't feel like we're jumping through hoops to
> accept "any old" encoding if we accept either "+" or "/" in an encoded hash.

I think we're violently agreeing. My point is that when you allow this
flexibility, then you are no longer specifying the use of standard
RFC6920 URLs, but rather something similar-but-different. If we're
willing to break conformance with RFC6920 then we might as well
optimize it further for our convenience, by removing the "ni:///"
prefix and by replacing the ";" with something that works better for
CSP, such as ":", e.g.:

    <digest-name> ":" <digest-value> [ "?ct=" <content-type> ]

Note that this is a valid URL, where the scheme is the digest name and
the path is the digest-value.

Cheers,
Brian
Received on Monday, 19 January 2015 21:41:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC