- From: Francois Marier <francois@mozilla.com>
- Date: Sun, 20 Sep 2015 19:48:40 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 20/09/15 06:06 PM, Tanvi Vyas wrote:
> On Sat, Sep 19, 2015 at 4:14 PM, Daniel Veditz <dveditz@mozilla.com> wrote:
> On Thu, Sep 17, 2015 at 5:04 PM, Brian Smith <brian@briansmith.org> wrote:
>
> However, consider the threat model. The primary threat is that
> the host of the stylesheet IS NOT trustworthy, but the host of
> the web page IS trustworthy.
>
> In this case the page author is clearly untrustworthy because two
> different hashes were given to the same resource.
>
> Not necessarily. If a third party hosts two different versions of a
> subresource without changing the filename or path, the first party might
> include the hash of both, knowing one of the two should succeed.

If I understand the use case you're describing, the author would most
likely use:

    <html>
      <head>
        <link rel="stylesheet" href="style.css"
              integrity="sha256-hash1 sha256-hash2">
      </head>
    </html>

Francois
Received on Monday, 21 September 2015 02:49:11 UTC
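
Added example, not part of the original message or of any browser's code: Node.js code showing how an integrity attribute that lists several hashes, as in the markup above, is evaluated under the SRI matching rule (only hashes of the strongest listed algorithm are compared, and any one match is enough). The function names and the stylesheet bodies are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// Constructed sample bodies: two versions a third party might serve at the
// same URL, plus one the page author never hashed.
const V1 = "body { color: black; }\n";
const V2 = "body { color: navy; }\n";
const OTHER = "body { color: red; }\n";

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build one integrity token: "<alg>-<base64 digest of body>".
function sriHash(alg, body) {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Split the attribute on whitespace and keep only well-formed tokens that
// use a supported algorithm; anything else is ignored, not treated as a failure.
function parseIntegrity(attr) {
  const parsed = [];
  for (const token of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    if (m) parsed.push({ alg: m[1], digest: m[2] });
  }
  return parsed;
}

// True when the body may be used: either no usable metadata was given, or
// the body matches at least one hash of the strongest algorithm listed.
function integrityMatches(attr, body) {
  const parsed = parseIntegrity(attr);
  if (parsed.length === 0) return true; // nothing to enforce
  const top = Math.max(...parsed.map((p) => STRENGTH[p.alg]));
  return parsed
    .filter((p) => STRENGTH[p.alg] === top)
    .some((p) => sriHash(p.alg, body) === `${p.alg}-${p.digest}`);
}

// Same algorithm for both versions: either version loads, anything else is blocked.
const bothVersions = `${sriHash("sha256", V1)} ${sriHash("sha256", V2)}`;
// Mixed algorithms: only the sha512 entry is consulted, so V1 no longer loads.
const mixedAlgs = `${sriHash("sha256", V1)} ${sriHash("sha512", V2)}`;

console.log(integrityMatches(bothVersions, V1), integrityMatches(bothVersions, V2),
            integrityMatches(bothVersions, OTHER), integrityMatches(mixedAlgs, V1));
```

When listing alternative versions of one resource, hash every version with the same algorithm; an entry with a weaker algorithm is silently skipped once a stronger one is present.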