Closed otherdaniel closed 1 day ago
Well... last paragraph of "The Proposal" does describe this. No longer sure there's something left to do, though. Please close if there's not much to add.
I vote for closing it. I imagine there are other issues that we do need to discuss but we can file a new issue that is specific as needed.
I think https://mikewest.github.io/signature-based-sri and https://w3c.github.io/webappsec-csp/#match-integrity-metadata-to-source-list now provide a pretty solid basis here. Closing this out.
Content Security Policy interacts with Subresource Integrity. For ed25519 signature, the extension of this interaction is probably straightforward, but.... should maybe still be specified.