Comments on Subresource integrity

Dear all,

I have several comments on the draft.

1: The draft does not define how to parse tokens, only split a list of
tokens on spaces. It's clear from examples what is meant, but this
should be made explicit.

2: There does not appear a way to specify multiple hashes with the
same algorithm. This may be useful in load-balancer situations where a
phased rollout  may mean some requests return different data from
others.

3: Permitting user agents to indicate priority in mutually
incompatible ways is not as good as specifying one useful way. The
best way is probably a comparison function.

Sincerely,
Watson Ladd

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

Received on Monday, 18 May 2015 13:42:06 UTC