- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Mon, 18 May 2015 12:27:34 -0700
- To: Watson Ladd <watsonbladd@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 18 May 2015 19:28:23 UTC
Hey Watson thanks for the email. I filed bugs for 1 and 2. They seem like easy fixes and we will get to them soon. https://github.com/w3c/webappsec/issues/366 https://github.com/w3c/webappsec/issues/367 Re point 3: I am not a fan of the spec (which changes slowly) defining priority. I think we should leave this flexibility to UAs instead of mandating priority of hash functions. cheers Dev On 16 May 2015 at 10:01, Watson Ladd <watsonbladd@gmail.com> wrote: > Dear all, > > I have several comments on the draft. > > 1: The draft does not define how to parse tokens, only split a list of > tokens on spaces. It's clear from examples what is meant, but this > should be made explicit. > > 2: There does not appear a way to specify multiple hashes with the > same algorithm. This may be useful in load-balancer situations where a > phased rollout may mean some requests return different data from > others. > > 3: Permitting user agents to indicate priority in mutually > incompatible ways is not as good as specifying one useful way. The > best way is probably a comparison function. > > Sincerely, > Watson Ladd > > -- > "Man is born free, but everywhere he is in chains". > --Rousseau. > > >
Received on Monday, 18 May 2015 19:28:23 UTC