public-webappsec@w3.org from September 2016 by thread

`localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West (Wednesday, 28 September)

• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Emily Stark (Dunn) (Wednesday, 28 September)
  • Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West (Thursday, 29 September)
    • Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Emily Stark (Dunn) (Thursday, 29 September)
• Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Melvin Carvalho (Wednesday, 28 September)
  • Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Anders Rundgren (Thursday, 29 September)
  • Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.) Mike West (Thursday, 29 September)

CSS fetch integration Jonathan Kingston (Tuesday, 27 September)

• [Css-images] Re: CSS fetch integration Henrik Andersson (Tuesday, 27 September)

CSP tools and documentation Artur Janc (Monday, 26 September)

• Re: CSP tools and documentation Craig Francis (Tuesday, 27 September)
  • Re: CSP tools and documentation Artur Janc (Tuesday, 27 September)

Restrict loopback address to Secure Contexts? John Wilander (Monday, 26 September)

• Re: Restrict loopback address to Secure Contexts? Mike West (Monday, 26 September)
• RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Monday, 26 September)
  • Re: Restrict loopback address to Secure Contexts? John Wilander (Monday, 26 September)
    • RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Monday, 26 September)
      • Re: Restrict loopback address to Secure Contexts? Devdatta Akhawe (Tuesday, 27 September)
        • RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Tuesday, 27 September)
        • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
          • RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Tuesday, 27 September)
            • RE: Restrict loopback address to Secure Contexts? Mohan Sekar (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • RE: Restrict loopback address to Secure Contexts? Crispin Cowan (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Anne van Kesteren (Wednesday, 28 September)
        • Re: Restrict loopback address to Secure Contexts? Anne van Kesteren (Tuesday, 27 September)
          • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Anne van Kesteren (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\ (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\ (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\ (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Mike West (Tuesday, 27 September)
            • Re: Restrict loopback address to Secure Contexts? Eduardo' Vela\ (Tuesday, 27 September)

HSTS Priming Kate McKinley (Thursday, 22 September)

• Re: HSTS Priming Mike West (Monday, 26 September)

remote participation for today's session Brad Hill (Thursday, 22 September)

• Re: remote participation for today's session Brad Hill (Friday, 23 September)

webappsec tpac 2016 session agenda (?) Hodges, Jeff (Thursday, 22 September)

remote participation for TPAC Brad Hill (Wednesday, 21 September)

Call availability during TPAC? Deian Stefan (Tuesday, 20 September)

Call on 9/21 Crispin Cowan (Monday, 19 September)

• Re: Call on 9/21 Joel Weinberger (Monday, 19 September)
  • Re: Call on 9/21 Brad Hill (Tuesday, 20 September)

Fwd: DRM protest timed with TPAC 2016 Daniel Veditz (Saturday, 17 September)

Autoclave Bill Scannell (Friday, 16 September)

• Re: Autoclave Sergey Shekyan (Friday, 16 September)
  • Re: Autoclave Dan Kaminsky (Saturday, 17 September)
    • Re: Autoclave Dan Kaminsky (Saturday, 17 September)

Isolate-Me explainer Emily Stark (Dunn) (Friday, 16 September)

• RE: Isolate-Me explainer Crispin Cowan (Monday, 19 September)
  • Re: Isolate-Me explainer Emily Stark (Dunn) (Monday, 19 September)
    • Re: Isolate-Me explainer Charlie Reis (Tuesday, 20 September)
      • Re: Isolate-Me explainer Emily Stark (Dunn) (Wednesday, 21 September)
• Re: Isolate-Me explainer John Wilander (Monday, 19 September)
  • Re: Isolate-Me explainer Artur Janc (Monday, 19 September)
    • Re: Isolate-Me explainer John Wilander (Monday, 19 September)
      • RE: Isolate-Me explainer Crispin Cowan (Tuesday, 20 September)
        • Re: Isolate-Me explainer Emily Stark (Dunn) (Wednesday, 21 September)
          • RE: Isolate-Me explainer Crispin Cowan (Wednesday, 21 September)
• Re: Isolate-Me explainer Tanvi Vyas (Monday, 19 September)
  • Re: Isolate-Me explainer Artur Janc (Tuesday, 20 September)
    • Re: Isolate-Me explainer Emily Stark (Dunn) (Wednesday, 21 September)
      • Re: Isolate-Me explainer Krzysztof Kotowicz (Wednesday, 21 September)
        • Re: Isolate-Me explainer Mike West (Wednesday, 21 September)
• Re: Isolate-Me explainer Craig Francis (Tuesday, 20 September)

Re: [blink-dev] Must have SSL or dedicated IP address? Victor Costan (Thursday, 15 September)

• Re: [blink-dev] Must have SSL or dedicated IP address? Joseph Lorenzo Hall (Monday, 19 September)

Call for Exclusions: Secure Contexts Xueyuan Jia (Friday, 16 September)

WebAppSec and Auto WG discussion during TPAC Ted Guild (Wednesday, 14 September)

• Re: WebAppSec and Auto WG discussion during TPAC Brad Hill (Wednesday, 21 September)
  • Re: WebAppSec and Auto WG discussion during TPAC Ted Guild (Wednesday, 21 September)
    • Re: WebAppSec and Auto WG discussion during TPAC Brad Hill (Wednesday, 21 September)

[webappsec] WG Note: CORS for developers Brad Hill (Tuesday, 13 September)

CSP: Embedded Enforcement Mike West (Friday, 9 September)

• Re: CSP: Embedded Enforcement Daniel Veditz (Friday, 9 September)
  • Re: CSP: Embedded Enforcement Mike West (Monday, 12 September)

[SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun (Friday, 9 September)

• Re: [SRI] require-sri-for syntax and additional SRI/CSP interaction Mike West (Friday, 9 September)
  • [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun (Friday, 9 September)
    • Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Mike West (Friday, 9 September)
      • Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction Frederik Braun (Friday, 9 September)

[SRI] require-sri-for: missing integrity metadata? same-origin loads? Frederik Braun (Friday, 9 September)

• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Mike West (Friday, 9 September)
  • Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Francois Marier (Friday, 9 September)
    • Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Daniel Veditz (Friday, 9 September)
    • Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Frederik Braun (Monday, 12 September)
• Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Sergey Shekyan (Monday, 12 September)
  • Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads? Devdatta Akhawe (Monday, 12 September)

Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 Hodges, Jeff (Thursday, 8 September)

• Re: Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 Deian Stefan (Tuesday, 20 September)
  • Re: Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016 ๏̯͡๏ Jasvir Nagra (Wednesday, 21 September)

'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West (Thursday, 8 September)

• Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Artur Janc (Thursday, 8 September)
  • Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Daniel Veditz (Friday, 9 September)
    • Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West (Friday, 9 September)
      • Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Artur Janc (Friday, 9 September)
      • Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Mike West (Tuesday, 13 September)
        • Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP) Daniel Veditz (Wednesday, 14 September)

On the Insecurity of Whitelists and the Future of CSP Hodges, Jeff (Wednesday, 7 September)

• Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc (Wednesday, 7 September)
  • Re: On the Insecurity of Whitelists and the Future of CSP Craig Francis (Thursday, 8 September)
  • Re: On the Insecurity of Whitelists and the Future of CSP Christoph Kerschbaumer (Thursday, 8 September)
    • Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc (Thursday, 8 September)
      • Re: On the Insecurity of Whitelists and the Future of CSP Anne van Kesteren (Thursday, 8 September)
        • Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc (Thursday, 8 September)
          • Re: On the Insecurity of Whitelists and the Future of CSP Anne van Kesteren (Thursday, 8 September)
            • Re: On the Insecurity of Whitelists and the Future of CSP Christoph Kerschbaumer (Thursday, 8 September)
            • Re: On the Insecurity of Whitelists and the Future of CSP Mike West (Thursday, 8 September)
            • Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz (Thursday, 8 September)
            • Re: On the Insecurity of Whitelists and the Future of CSP Jim Manico (Thursday, 8 September)
        • Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz (Thursday, 8 September)
      • Re: On the Insecurity of Whitelists and the Future of CSP Artur Janc (Thursday, 8 September)
  • Re: On the Insecurity of Whitelists and the Future of CSP Daniel Veditz (Thursday, 8 September)
  • Re: On the Insecurity of Whitelists and the Future of CSP Oda, Terri (Monday, 12 September)

Re: Quoted Referrer-Policy values Mike West (Wednesday, 7 September)

• Re: Quoted Referrer-Policy values Anne van Kesteren (Wednesday, 7 September)
  • Re: Quoted Referrer-Policy values Mike West (Wednesday, 7 September)
    • Re: Quoted Referrer-Policy values Anne van Kesteren (Wednesday, 7 September)
      • Re: Quoted Referrer-Policy values Martin Thomson (Friday, 9 September)

CORS-safelisted request headers should be restricted according to RFC 7231 John Wilander (Wednesday, 7 September)

[webappsec] draft agenda for tomorrow's teleconference Brad Hill (Tuesday, 6 September)

• Re: [webappsec] draft agenda for tomorrow's teleconference Frederik Braun (Wednesday, 7 September)

Re: [suborigins] The origin relationship to suborigins Joel Weinberger (Tuesday, 6 September)

Last message date: Thursday, 29 September 2016 15:15:57 UTC