- From: Bertil Chapuis <bertil.chapuis@unil.ch>
- Date: Tue, 2 Jul 2019 14:17:05 +0000
- To: Frederik Braun <fbraun@mozilla.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hello Freddy, > On 2 Jul 2019, at 15:30, Frederik Braun <fbraun@mozilla.com> wrote: > > I've noticed that my spec co-editors have all not been very active > lately, so I wonder who'd be willing to help with reviews on pull > request - most of them will be of editorial nature. Last year, I briefly presented a study related to SRI at TPAC and proposed to extend the specification (as initially intended) to other HTML elements such as img, video, or a. At this time, I only had a little time to dedicate to this task, but since then I have been hired by the University of Lausanne to do web security research. Therefore, I would gladly help in any revision work associated with the SRI specification. > > In this specific case, I have removed all references to > `require-sri-for`, because both Firefox and Gecko intend to remove this > from their browsers. See > <https://github.com/w3c/webappsec-subresource-integrity/pull/82> Regarding the require-sri-for header, we are monitoring its use on the Web and it occurs very rarely (0.0132% of webpages). Whereas it’s not widely used, don’t you think it introduce a nice separation of concerns between system administrators and web developer that could eventually help at increasing the adoption of the specification (2.55% of webpages are now including at least one SRI)? Best regards, Bertil
Received on Tuesday, 2 July 2019 14:48:27 UTC