Re: [SRI] Comments on Subresource Integrity spec

"MAY" certainly covers the plans for our implementation, so it works for
me. I'd like to know, though, if any UA actually plans not to follow this
directive. If not, than I don't really see the point of a "MAY" vs "SHOULD"
or "MUST." But, yeah, I'm fine with this in any case.

PS: I'm on vacation until next week, so I'll be quite slow to respond at
times. My apologies!

On Tue, May 19, 2015 at 5:29 AM, Devdatta Akhawe <>

> Given that there is some disagreement about this, I don't think we gain
> anything by asserting that. As I mentioned, I can imagine a UA doing this
> to encourage migration.
> On 18 May 2015 at 08:39, Gervase Markham <> wrote:
>> On 18/05/15 16:33, Devdatta Akhawe wrote:
>> > I thought the MAY gave flexibility to UAs. Does it not?
>> It does; but I always think that when a spec says "MAY", it means a bit
>> more than "You MAY consider the moon to be made of green cheese"; i.e.
>> there are circumstances where the MAY might be a good idea. I'm not sure
>> I can think of any circumstances where a UA would decide to block loads
>> due to out-of-date integrity hash algorithms, given that the
>> no-integrity behaviour is to load regardless.
>> Gerv

Received on Monday, 18 May 2015 22:22:54 UTC