W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [SRI] Comments on Subresource Integrity spec

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Mon, 18 May 2015 12:29:00 -0700
Message-ID: <CAPfop_0xHakjGcMtDex4FRjLsfO6mWFXWJo3G7=PmXTsH3ROBQ@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Given that there is some disagreement about this, I don't think we gain
anything by asserting that. As I mentioned, I can imagine a UA doing this
to encourage migration.

On 18 May 2015 at 08:39, Gervase Markham <gerv@mozilla.org> wrote:

> On 18/05/15 16:33, Devdatta Akhawe wrote:
> > I thought the MAY gave flexibility to UAs. Does it not?
>
> It does; but I always think that when a spec says "MAY", it means a bit
> more than "You MAY consider the moon to be made of green cheese"; i.e.
> there are circumstances where the MAY might be a good idea. I'm not sure
> I can think of any circumstances where a UA would decide to block loads
> due to out-of-date integrity hash algorithms, given that the
> no-integrity behaviour is to load regardless.
>
> Gerv
>
Received on Monday, 18 May 2015 19:29:48 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC