public-web-security@w3.org from December 2009 by date

Tuesday, 29 December 2009

• Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim? Yutaka OIWA
• Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim? =JeffH

Monday, 28 December 2009

• RE: STS and "mixed content" (Part 3 of Re: Feedback on the Strict-Transport-Security specification) Steingruebl, Andy

Thursday, 24 December 2009

• HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim? Yutaka OIWA

Friday, 18 December 2009

• following up on STS feedback -- draft-hodges-strict-transport-sec-06.plain.html =JeffH
• Re: STS and "mixed content" (Part 3 of Re: Feedback on the Strict-Transport-Security specification) Adam Barth
• Re: more flexible ABNF for STS? (=JeffH) =JeffH

Thursday, 17 December 2009

• Re: Handling multiple headers when only one is allowed =JeffH
• Re: Handling multiple headers when only one is allowed Michal Zalewski
• Re: Handling multiple headers when only one is allowed Julian Reschke
• Re: Handling multiple headers when only one is allowed Mark Nottingham

Wednesday, 16 December 2009

• Re: Handling multiple headers when only one is allowed Thomas Roessler
• Re: Handling multiple headers when only one is allowed Yngve N. Pettersen (Developer Opera Software ASA)
• Re: Handling multiple headers when only one is allowed Michal Zalewski
• Re: Handling multiple headers when only one is allowed Adam Barth
• Handling multiple headers when only one is allowed Bil Corry
• STS and "mixed content" (Part 3 of Re: Feedback on the Strict-Transport-Security specification) =JeffH

Tuesday, 15 December 2009

• fyi: wiki/Same_Origin_Policy linked-to by Browser Security Handbook (BSH) =JeffH

Monday, 14 December 2009

• Request for Comments: LCWD of Widget Access Request Policy spec; deadline 13-Jan-2010 Arthur Barstow
• Mobile Security barcamp - 19th January 2010, Sophia Antipolis David Rogers
• Re: What is the same-origin policy for (was Re: The Origin header) sird@rckc.at
• Re: What is the same-origin policy for (was Re: The Origin header) Daniel Veditz

Friday, 11 December 2009

• STS user-agent processing and new max-age values Sid Stamm
• Re: STS user-agent processing and new max-age values =JeffH

Thursday, 10 December 2009

• Same origin CSS selector attacks gaz Heyes
• Re: Risks from CSS injection gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: STS and lockCA and EVonly (was: STS and lockCA (Gerv)) =JeffH

Wednesday, 9 December 2009

• more flexible ABNF for STS? (=JeffH) =JeffH
• Re: Seamless iframes + CSS3 selectors = bad idea Mary Ellen Zurko
• Re: Risks from CSS injection Maciej Stachowiak
• Re: Risks from CSS injection gaz Heyes
• Re: Risks from CSS injection Maciej Stachowiak
• Re: Risks from CSS injection Aryeh Gregor
• Re: Other CSS attacks (Navigation monitor / History crawler / LAN scanner + attack ) Aryeh Gregor
• Re: Risks from CSS injection gaz Heyes
• Re: Risks from CSS injection Aryeh Gregor
• Re: call for reviewers: XMLHttpRequest Last Call sird@rckc.at
• Re: call for reviewers: XMLHttpRequest Last Call sird@rckc.at
• Re: call for reviewers: XMLHttpRequest Last Call Anne van Kesteren
• Other CSS attacks (Navigation monitor / History crawler / LAN scanner + attack ) Eduardo Vela

Tuesday, 8 December 2009

• Re: Risks from CSS injection David Lindsay
• Re: Seamless iframes + CSS3 selectors = bad idea David Lindsay

Wednesday, 9 December 2009

• Sandboxed Scripts and Styles on HTML / comments? (idea?) Eduardo Vela
• Re: Risks from CSS injection Adam Barth

Tuesday, 8 December 2009

• Feedback on the Strict-Transport-Security specification (EricLaw) =JeffH
• Re: Feedback on the Strict-Transport-Security specification (Adam) =JeffH
• Re: Feedback on the Strict-Transport-Security specification (part 2) =JeffH
• Re: Feedback on the Strict-Transport-Security specification (part 1) =JeffH
• Aryeh's comment thread wrt Strict Transport Security (STS) =JeffH
• Bil's comment thread wrt Strict Transport Security (STS) =JeffH
• STS and lockCA (Gerv) =JeffH
• Jonas' comment thread wrt Strict Transport Security (STS) =JeffH
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea Devdatta
• Re: Risks from CSS injection gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Risks from CSS injection Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Devdatta
• Risks from CSS injection Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Boris Zbarsky
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: ACS (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: call for reviewers: XMLHttpRequest Last Call sird@rckc.at
• Re: call for reviewers: XMLHttpRequest Last Call Anne van Kesteren
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: ACS (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: ACS (was Re: Seamless iframes + CSS3 selectors = bad idea) gaz Heyes
• Re: ACS (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• ACS (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Thomas Roessler
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes

Monday, 7 December 2009

• Re: Seamless iframes + CSS3 selectors = bad idea Eduardo Vela
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Daniel Glazman
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Cross Site Attacks Sigbjørn Vik
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: What is the same-origin policy for (was Re: The Origin header) sird@rckc.at
• Re: What is the same-origin policy for (was Re: The Origin header) Ian Hickson
• Re: What is the same-origin policy for (was Re: The Origin header) sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• javascript URIs on stylesheets/redirections Eduardo Vela
• Re: What is the same-origin policy for (was Re: The Origin header) Devdatta
• Re: What is the same-origin policy for (was Re: The Origin header) Eduardo Vela

Sunday, 6 December 2009

• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Boris Zbarsky
• Re: Seamless iframes + CSS3 selectors = bad idea Thomas Roessler
• Re: Seamless iframes + CSS3 selectors = bad idea Thomas Roessler
• Re: Seamless iframes + CSS3 selectors = bad idea gaz Heyes
• Re: call for reviewers: XMLHttpRequest Last Call Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: call for reviewers: XMLHttpRequest Last Call sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• call for reviewers: XMLHttpRequest Last Call Thomas Roessler
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Devdatta
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) sird@rckc.at
• Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea) Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Eduardo Vela
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Ian Hickson
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak
• Re: Seamless iframes + CSS3 selectors = bad idea Maciej Stachowiak

Saturday, 5 December 2009

• Re: Seamless iframes + CSS3 selectors = bad idea Collin Jackson
• Re: Seamless iframes + CSS3 selectors = bad idea Boris Zbarsky
• Re: Seamless iframes + CSS3 selectors = bad idea sird@rckc.at
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth
• Re: Seamless iframes + CSS3 selectors = bad idea Collin Jackson
• Re: Seamless iframes + CSS3 selectors = bad idea Adam Barth

Friday, 4 December 2009

• Seamless iframes + CSS3 selectors = bad idea Eduardo Vela
• Re: UI issues for security consideration Eduardo Vela
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Daniel Veditz
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Maciej Stachowiak
• Re: wrt wiki/Strict_Transport_Security Adam Barth
• What is the same-origin policy for (was Re: The Origin header) Adam Barth
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Mary Ellen Zurko
• Re: wrt wiki/Strict_Transport_Security Mary Ellen Zurko
• Re: HTTPbis and the Same Origin Policy Mark S. Miller
• Re: HTTPbis and the Same Origin Policy Maciej Stachowiak
• Re: HTTPbis and the Same Origin Policy Maciej Stachowiak
• Re: HTTPbis and the Same Origin Policy Mark S. Miller
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Maciej Stachowiak

Thursday, 3 December 2009

• Re: related security models to same origin policy Adam Barth
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Adam Barth
• Re: The Origin header (was Re: HTTPbis and the Same Origin Policy) Mark S. Miller
• Re: HTTPbis and the Same Origin Policy Mark S. Miller
• RE: The Origin header (was Re: HTTPbis and the Same Origin Policy) Larry Masinter
• The Origin header (was Re: HTTPbis and the Same Origin Policy) Adam Barth
• Re: HTTPbis and the Same Origin Policy Daniel Veditz
• RE: HTTPbis and the Same Origin Policy Larry Masinter
• Re: HTTPbis and the Same Origin Policy Adam Barth
• Re: HTTPbis and the Same Origin Policy Daniel Veditz
• Re: HTTPbis and the Same Origin Policy Tyler Close
• Re: HTTPbis and the Same Origin Policy Maciej Stachowiak
• Re: HTTPbis and the Same Origin Policy Tyler Close
• Re: HTTPbis and the Same Origin Policy Adam Barth
• Re: HTTPbis and the Same Origin Policy Maciej Stachowiak
• Re: HTTPbis and the Same Origin Policy Julian Reschke
• Re: HTTPbis and the Same Origin Policy Adam Barth
• Re: HTTPbis and the Same Origin Policy Julian Reschke
• Re: HTTPbis and the Same Origin Policy Tyler Close
• Re: HTTPbis and the Same Origin Policy Adam Barth
• Re: HTTPbis and the Same Origin Policy Tyler Close
• Re: HTTPbis and the Same Origin Policy Albert Lunde
• Re: HTTPbis and the Same Origin Policy Maciej Stachowiak
• Re: HTTPbis and the Same Origin Policy Daniel Stenberg
• Re: HTTPbis and the Same Origin Policy Adam Barth

Wednesday, 2 December 2009

• fyi: original thread: HTTPbis and the Same Origin Policy =JeffH
• Re: HTTPbis and the Same Origin Policy Tyler Close
• Re: HTTPbis and the Same Origin Policy Tyler Close
• wrt wiki/Strict_Transport_Security =JeffH
• related security models to same origin policy Albert Lunde

Tuesday, 1 December 2009

• Re: UI issues for security consideration Lisa Dusseault
• Re: UI issues for security consideration Mary Ellen Zurko
• Re: UI issues for security consideration Adam Barth
• Re: wiki/Same_Origin_Policy =JeffH
• UI issues for security consideration David Singer
• Re: wiki/Same_Origin_Policy Adam Barth
• Re: wiki/Same_Origin_Policy =JeffH
• wiki/Same_Origin_Policy Adam Barth
• Welcome to the W3C web security mailing list Thomas Roessler

Last message date: Tuesday, 29 December 2009 06:51:15 UTC