W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [SRI] Comments on Subresource Integrity spec

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 18 May 2015 16:39:33 +0100
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: Joel Weinberger <jww@chromium.org>, public-webappsec@w3.org
Message-ID: <555A07B5.4010201@mozilla.org>
On 18/05/15 16:33, Devdatta Akhawe wrote:
> I thought the MAY gave flexibility to UAs. Does it not?

It does; but I always think that when a spec says "MAY", it means a bit
more than "You MAY consider the moon to be made of green cheese"; i.e.
there are circumstances where the MAY might be a good idea. I'm not sure
I can think of any circumstances where a UA would decide to block loads
due to out-of-date integrity hash algorithms, given that the
no-integrity behaviour is to load regardless.

Received on Monday, 18 May 2015 15:40:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:49 UTC