Comments on Subresource integrity from Watson Ladd on 2015-05-16 (public-webappsec@w3.org from May 2015)

From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 16 May 2015 10:01:37 -0700
To: public-webappsec@w3.org
Message-ID: <CACsn0cmyCjJRfwaLAyttNKHQy3vh7cJ9q+y7=qGTj=vbz305+g@mail.gmail.com>

Dear all,

I have several comments on the draft.

1: The draft does not define how to parse tokens, only split a list of
tokens on spaces. It's clear from examples what is meant, but this
should be made explicit.

2: There does not appear a way to specify multiple hashes with the
same algorithm. This may be useful in load-balancer situations where a
phased rollout  may mean some requests return different data from
others.

3: Permitting user agents to indicate priority in mutually
incompatible ways is not as good as specifying one useful way. The
best way is probably a comparison function.

Sincerely,
Watson Ladd

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

Received on Monday, 18 May 2015 13:42:06 UTC