On Sat, Sep 19, 2015 at 4:14 PM, Daniel Veditz <dveditz@mozilla.com> wrote: > On Thu, Sep 17, 2015 at 5:04 PM, Brian Smith <brian@briansmith.org> wrote: > >> However, consider the threat model. The primary threat is that the host >> of the stylesheet IS NOT trustworthy, but the host of the web page IS >> trustworthy. >> > > In this case the page author is clearly untrustworthy because two > different hashes were given to the same resource. > Not necessarily. If a third party hosts two different versions of a subresource without changing the filename or path, the first party might include the hash of both, knowing one of the two should succeed. > If there are two different hash algorithms it's possible they really refer > to the same content--do we have to check both just in case there's an > unknown hash collision attack for one of them? Hopefully we'll drop support > for weak hashes before that's an issue. > > If they use the same hash algorithm and the first one passes the styles > are in the page and affecting layout. The sole effect of this bug is that > the error message for the second instance is not reported. If the order > were reversed then the first error is reported and then the second one > loads as expected. > > - > Dan Veditz > >
Received on Monday, 21 September 2015 01:06:51 UTC