Comments on Subresource integrity

From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 16 May 2015 10:01:37 -0700
Message-ID: <CACsn0cmyCjJRfwaLAyttNKHQy3vh7cJ9q+y7=qGTj=vbz305+g@mail.gmail.com>
To: public-webappsec@w3.org

Dear all,

I have several comments on the draft.

1: The draft does not define how to parse tokens, only split a list of
tokens on spaces. It's clear from examples what is meant, but this
should be made explicit.

2: There does not appear to be a way to specify multiple hashes with the
same algorithm. This may be useful in load-balancer situations where a
phased rollout may mean some requests return different data from
others.

3: Permitting user agents to indicate priority in mutually
incompatible ways is not as good as specifying one useful way. The
best way is probably a comparison function.

Sincerely,
Watson Ladd

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
Received on Monday, 18 May 2015 13:42:06 UTC
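
The three comments in the message above, worked through as an added example (not code from the message, its author, or the draft): explicit token parsing, several digests under one algorithm, and a single comparison function for priority. The `alg-base64` token grammar, the sha256 < sha384 < sha512 ordering, and all function names are assumptions of this example.

```python
import base64
import hashlib
import re

# Assumed strength order, weakest first (this example's choice, not the draft's).
STRENGTH = ("sha256", "sha384", "sha512")
# Assumed token grammar: <algorithm>-<base64 digest>.
TOKEN = re.compile(r"^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$")

def token(alg, body):
    """Build one integrity token for body (used to construct sample input)."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

def parse_metadata(attr):
    """Comment 1: split on whitespace, then parse each token explicitly.
    Tokens that do not match the grammar are ignored."""
    matches = (TOKEN.match(t) for t in attr.split())
    return [(m.group(1), m.group(2)) for m in matches if m]

def stronger(a, b):
    """Comment 3: one comparison function; returns the stronger algorithm."""
    return a if STRENGTH.index(a) >= STRENGTH.index(b) else b

def strongest_entries(parsed):
    """Comment 2: keep every digest listed under the strongest algorithm."""
    if not parsed:
        return None, set()
    best = parsed[0][0]
    for alg, _ in parsed[1:]:
        best = stronger(best, alg)
    return best, {digest for alg, digest in parsed if alg == best}

def verify(attr, body):
    """True if body matches any digest of the strongest listed algorithm."""
    alg, digests = strongest_entries(parse_metadata(attr))
    if alg is None:
        return True  # assumption: no usable metadata means no check is applied
    actual = base64.b64encode(hashlib.new(alg, body).digest()).decode()
    return actual in digests

if __name__ == "__main__":
    old, new = b"release v1", b"release v2"  # constructed sample bodies
    attr = " ".join([token("sha256", old), token("sha384", old),
                     token("sha384", new), "not-a-token"])
    for body in (old, new, b"tampered"):
        print(body, verify(attr, body))
```

Only digests of the strongest listed algorithm are consulted, so a matching weaker digest alone does not pass the check.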