[Manifest] Unclear if "should" intended as "SHOULD" #109

RobDolinMS · 2016-06-01T21:13:58Z

size int
...
If the length of the retrieved content does not match the specified length, the content should not be trusted.

If intended as a recommendation, use "SHOULD" (ALL CAPS.)
If not intended as a recommendation invoke RFC meaning, consider alternate wording.

stevvooe · 2016-06-01T23:20:00Z

I'm not even sure this is correct. The size is really there to support preallocation. Content verification should be done through digest.

philips · 2016-06-02T00:08:51Z

I think it is correct. This may protect against future length extension attacks.

stevvooe · 2016-06-02T00:14:10Z

Ok, this should be SHOULD, then.

I'm going to add this to #111, as this question comes up all the time.

philips · 2016-06-15T23:23:56Z

confirmed fixed in #111

philips added component/serialization spec component/manifest spec kind/question labels Jun 2, 2016

philips added this to the v1.0.0-rc milestone Jun 2, 2016

philips closed this as completed Jun 15, 2016

xiekeyang mentioned this issue Dec 24, 2016

combinational image #508

Closed

wking mentioned this issue May 19, 2017

spec: Remove DNS-naming and signing entries from high-level components #643

Merged

Provide feedback