W3C home > Mailing lists > Public > public-web-security@w3.org > June 2010

Re: CSP & IETF BOF on HTTP Application Security?

From: Brandon Sterne <bsterne@mozilla.com>
Date: Wed, 09 Jun 2010 08:25:20 -0700
Message-ID: <4C0FB260.5060606@mozilla.com>
To: art.barstow@nokia.com
CC: ext Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Arun Ranganathan <arun@mozilla.com>, ext Daniel Veditz <dveditz@mozilla.com>, "public-web-security@w3.org" <public-web-security@w3.org>
I think W3C is the right venue for CSP given that CSP is primarily
geared towards content restrictions and HASMAT will be primarily focused
on transport-level restrictions (think Origin header, STS, etc.).  I
think there is a neat separation between these two areas which maps well
to the areas of focus of IETF and W3C.

-Brandon


On 06/03/2010 11:39 AM, Arthur Barstow wrote:
> Would this be a reasonable/acceptable place for CSP?
> 
> -Art Barstow
> 
> P.S. "hasmat" - that's a good one!
>>> From: Peter Saint-Andre<stpeter@stpeter.im>
>>> Date: 3 June 2010 20:14:13 GMT+02:00
>>> To: "apps-discuss@ietf.org"<apps-discuss@ietf.org>
>>> Subject: Re: HTTP Application Security (HAS) BoF
>>>
>>> We now have a dedicated list for this BoF:
>>>
>>> https://www.ietf.org/mailman/listinfo/hasmat
>>>
>>> Please discuss further on that list. I'll be blasting various lists and
>>> individuals regarding the BoF.
>>>
>>> On 6/2/10 8:11 AM, Peter Saint-Andre wrote:
>>>     
>>>> I've received a proposal to hold a birds of a feather (BoF) session at
>>>> IETF 78 in Maastricht on the topic of HTTP Application Security.  A
>>>> draft charter and agenda can be found below.  Please discuss on the
>>>> apps-discuss@ietf.org list:
Received on Wednesday, 9 June 2010 15:26:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:03 GMT