- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Wed, 28 Jan 2015 10:03:25 -0800
- To: Daniel Veditz <dveditz@mozilla.com>
- Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
+1 .. I also support getting rid of ni:// @dan it seems if we want to solve the use case of two different hashes based on the content-type, then the type has to be in the hash and not in an attribute? how will things work with a new attribute for this case? --dev On 28 January 2015 at 06:42, Daniel Veditz <dveditz@mozilla.com> wrote: > I support getting rid of the ugly ni:/// syntax. You can't re-use the TYPE > attribute like that, though. In HTML the type attribute means "treat this as > if it were..." and in SRI we're saying "Fail if it's not ...". > > splitting the hash from the required-type info has other advantages than > syntax: for instance the spec says to use the "strongest" hash, but what if > there are two that are the same hash algorithm but with different ?ct > values? +1 to splitting the two, but we'll have to use a new type attribute > like the "integritytype" that I think Martin suggested, or maybe > "required-type". > > -Dan Veditz
Received on Wednesday, 28 January 2015 18:04:17 UTC