- From: Tanvi Vyas <tanvi@mozilla.com>
- Date: Sun, 20 Sep 2015 20:57:50 -0700
- To: Francois Marier <francois@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 21 September 2015 03:58:20 UTC
Yes, that is true. Thanks Francois! On Sun, Sep 20, 2015 at 7:48 PM, Francois Marier <francois@mozilla.com> wrote: > On 20/09/15 06:06 PM, Tanvi Vyas wrote: > > On Sat, Sep 19, 2015 at 4:14 PM, Daniel Veditz <dveditz@mozilla.com > > <mailto:dveditz@mozilla.com>> wrote: > > On Thu, Sep 17, 2015 at 5:04 PM, Brian Smith <brian@briansmith.org > > <mailto:brian@briansmith.org>> wrote: > > > > However, consider the threat model. The primary threat is that > > the host of the stylesheet IS NOT trustworthy, but the host of > > the web page IS trustworthy. > > > > In this case the page author is clearly untrustworthy because two > > different hashes were given to the same resource. > > > > Not necessarily. If a third party hosts two different versions of a > > subresource without changing the filename or path, the first party might > > include the hash of both, knowing one of the two should succeed. > > If I understand the use case you're describing, the author would most > likely use: > > <html> > <head> > <link rel="stylesheet" href="style.css" > integrity="sha256-hash1 sha256-hash2"> > </head> > </html> > > Francois > >
Received on Monday, 21 September 2015 03:58:20 UTC