Re: The HTTP Origin Header (draft-abarth-origin)

Adam Barth wrote:
> On Mon, Jan 26, 2009 at 4:40 PM, Adrien de Croy <> wrote:
>>> In a sense, the same argument could be advanced about any browser
>>> feature (CSS, <canvas>, etc).  This shouldn't stop us from innovating.
>> this is security we're talking about though, not additional nice-to-have
>> features.  Again, we still need to secure all users, and can't wait until
>> deployment of some new header.
> It is impossible to secure all the users who visit your Web site.  You
> cannot secure users with IE5 or Firefox 1.0, for example.  Moreover,
> the header provides incremental value while it is being deployed.
Do you have any more information on this you could refer me to?  I find 
it hard to believe that there can be no security scheme which would be 



Adrien de Croy - WinGate Proxy Server -

Received on Tuesday, 27 January 2009 01:32:18 UTC