Re: Comments on Subresource integrity

Hey Watson

thanks for the email. I filed bugs for 1 and 2. They seem like easy fixes
and we will get to them soon.
https://github.com/w3c/webappsec/issues/366
https://github.com/w3c/webappsec/issues/367

Re point 3: I am not a fan of the spec (which changes slowly) defining
priority. I think we should leave this flexibility to UAs instead of
mandating priority of hash functions.


cheers
Dev


On 16 May 2015 at 10:01, Watson Ladd <watsonbladd@gmail.com> wrote:

> Dear all,
>
> I have several comments on the draft.
>
> 1: The draft does not define how to parse tokens, only split a list of
> tokens on spaces. It's clear from examples what is meant, but this
> should be made explicit.
>
> 2: There does not appear to be a way to specify multiple hashes with the
> same algorithm. This may be useful in load-balancer situations where a
> phased rollout may mean some requests return different data from
> others.
>
> 3: Permitting user agents to indicate priority in mutually
> incompatible ways is not as good as specifying one useful way. The
> best way is probably a comparison function.
>
> Sincerely,
> Watson Ladd
>
> --
> "Man is born free, but everywhere he is in chains".
> --Rousseau.
>
>
>

Received on Monday, 18 May 2015 19:28:23 UTC
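
The three points raised in this thread, as an added example that is not part of either message or of the draft: it parses an integrity value explicitly, accepts several digests for the same algorithm, and ranks algorithms with a comparison function. The token grammar, the strength order, the policy of checking only the strongest algorithm present, and all function names are assumptions of this sketch.

```javascript
const { createHash } = require("crypto");

// Assumed strength order; the thread leaves the actual priority open.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Point 3: priority expressed as a comparison function over algorithm names.
function compareAlgorithms(a, b) {
  return STRENGTH[a] - STRENGTH[b];
}

// Point 1: explicit token parsing. Split on whitespace, keep only
// "<alg>-<base64 digest>" tokens with a known algorithm, skip the rest.
function parseIntegrity(value) {
  const entries = [];
  for (const token of value.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Point 2: several digests may share an algorithm. Only the strongest
// algorithm present is consulted, so a weaker matching hash cannot
// override a stronger mismatching one.
function verify(resourceBytes, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return true; // this sketch: no usable metadata, nothing enforced
  const strongest = entries.map((e) => e.alg).sort(compareAlgorithms).pop();
  const actual = createHash(strongest).update(resourceBytes).digest("base64");
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed sample: two builds served side by side during a phased rollout.
const oldBuild = Buffer.from("console.log('v1');");
const newBuild = Buffer.from("console.log('v2');");
const token = (alg, buf) => `${alg}-${createHash(alg).update(buf).digest("base64")}`;

function demo() {
  const rollout = `${token("sha384", oldBuild)}  ${token("sha384", newBuild)}`;
  const mixed = `${token("sha256", newBuild)} ${token("sha384", oldBuild)}`;
  return {
    oldOk: verify(oldBuild, rollout),                   // true
    newOk: verify(newBuild, rollout),                   // true
    modified: verify(Buffer.from("changed"), rollout),  // false
    weakerOnly: verify(newBuild, mixed),                // false: sha384 outranks sha256
  };
}
```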