- From: Brian Smith <brian@briansmith.org>
- Date: Mon, 19 Jan 2015 13:40:46 -0800
- To: Mike West <mkwst@google.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
Mike West <mkwst@google.com> wrote:
> Why is it beneficial for the user agent to reject an encoding that it could
> trivially understand? It doesn't feel like we're jumping through hoops to
> accept "any old" encoding if we accept either "+" or "/" in an encoded hash.
I think we're violently agreeing. My point is that when you allow this
flexibility, then you are no longer specifying the use of standard
RFC6920 URLs, but rather something similar-but-different. If we're
willing to break conformance with RFC6920 then we might as well
optimize it further for our convenience, by removing the "ni:///"
prefix and by replacing the ";" with something that works better for
CSP, such as ":", e.g.:
<digest-name> ":" <digest-value> [ "?ct=" <content-type> ]
Note that this is a valid URL, where the scheme is the digest name and
the path is the digest-value.
Cheers,
Brian
Received on Monday, 19 January 2015 21:41:16 UTC
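
A parser for the compact form proposed in the message above, as an added example that is not part of the original message or of any specification. The function names, the table of digest lengths, and the decision to reject mixed base64 alphabets are assumptions of this sketch; the sample digest is SHA-256 of "Hello World!". It accepts either base64 alphabet, canonicalises to unpadded base64url, and can emit the strict RFC 6920 form, so the lenient input and the conformant output stay separate.

```javascript
// Added example: parse  <digest-name> ":" <digest-value> [ "?ct=" <content-type> ]
// Names and the digest table below are assumptions made for this sketch.
const DIGEST_BYTES = new Map([["sha-256", 32], ["sha-384", 48], ["sha-512", 64]]);

function parseDigestSource(input) {
  // name ":" value (either base64 alphabet, optional "=" padding) [ "?ct=" type ]
  const m = /^([a-z0-9-]+):([A-Za-z0-9+\/_-]+)={0,2}(?:\?ct=(.+))?$/.exec(input);
  if (!m) return null;
  const [, name, value, contentType] = m;
  const expectedBytes = DIGEST_BYTES.get(name);
  if (expectedBytes === undefined) return null; // unknown digest name

  // Sketch policy: a value may use "+" "/" or "-" "_", but not both sets.
  if (/[+\/]/.test(value) && /[-_]/.test(value)) return null;

  // Canonical form is unpadded base64url, so equal digests compare equal as strings.
  const digest = value.replace(/\+/g, "-").replace(/\//g, "_");

  // A truncated or over-long value must fail closed, not match a shorter hash.
  if (digest.length % 4 === 1) return null; // impossible base64 length
  if (Math.floor((digest.length * 6) / 8) !== expectedBytes) return null;

  return { name, digest, contentType: contentType ?? null };
}

// Emit the strict RFC 6920 URL for an already-parsed value.
function toNi(parsed) {
  const ct = parsed.contentType ? `?ct=${parsed.contentType}` : "";
  return `ni:///${parsed.name};${parsed.digest}${ct}`;
}

// Sample inputs: the same digest written in each alphabet.
const SAMPLE_STD = "sha-256:f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=";
const SAMPLE_URL = "sha-256:f4OxZX_x_FO5LcGBSKHWXfwtSx-j1ncoSt3SABJtkGk?ct=text/plain";

for (const s of [SAMPLE_STD, SAMPLE_URL, "sha-256:f4OxZX_x"]) {
  const p = parseDigestSource(s);
  console.log(s, "=>", p ? toNi(p) : "rejected");
}
```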