W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] format of the integrity attribute

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 28 Jan 2015 10:03:25 -0800
Message-ID: <CAPfop_0TVNNDT5JTmW6EiLWPHk+fZ-bgJ1-xEmGsMuCAMRfsEg@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
+1 .. I also support getting rid of ni://

@dan it seems if we want to solve the use case of two different hashes
based on the content-type, then the type has to be in the hash and not
in an attribute?  how will things work with a new attribute for this
case?

--dev

On 28 January 2015 at 06:42, Daniel Veditz <dveditz@mozilla.com> wrote:
> I support getting rid of the ugly ni:/// syntax. You can't re-use the TYPE
> attribute like that, though. In HTML the type attribute means "treat this as
> if it were..." and in SRI we're saying "Fail if it's not ...".
>
> splitting the hash from the required-type info has other advantages than
> syntax: for instance the spec says to use the "strongest" hash, but what if
> there are two that are the same hash algorithm but with different ?ct
> values? +1 to splitting the two, but we'll have to use a new type attribute
> like the "integritytype" that I think Martin suggested, or maybe
> "required-type".
>
> -Dan Veditz
Received on Wednesday, 28 January 2015 18:04:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC