Re: [SRI] Comments on Subresource Integrity spec

On 17/05/15 08:51, Devdatta Akhawe wrote:
> "User agents MAY deprecate support (by blocking loads) for integrity
> validation using hash functions deemed insecure. Web application authors
> SHOULD update integrity metadata to remove use of insecure hash functions."

No problem with the second sentence. The first seems fairly specific; I
thought you were arguing for flexibility in how UAs handle "deprecation"?

Gerv

Received on Monday, 18 May 2015 13:17:12 UTC