ACS (was Re: Seamless iframes + CSS3 selectors = bad idea)
Aryeh's comment thread wrt Strict Transport Security (STS)
Bil's comment thread wrt Strict Transport Security (STS)
call for reviewers: XMLHttpRequest Last Call
Cross Site Attacks
Feedback on the Strict-Transport-Security specification (Adam)
Feedback on the Strict-Transport-Security specification (EricLaw)
Feedback on the Strict-Transport-Security specification (part 1)
Feedback on the Strict-Transport-Security specification (part 2)
following up on STS feedback -- draft-hodges-strict-transport-sec-06.plain.html
fyi: original thread: HTTPbis and the Same Origin Policy
- =JeffH (Wednesday, 2 December)
fyi: wiki/Same_Origin_Policy linked-to by Browser Security Handbook (BSH)
Handling multiple headers when only one is allowed
HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim?
HTTPbis and the Same Origin Policy
- Mark S. Miller (Friday, 4 December)
- Maciej Stachowiak (Friday, 4 December)
- Maciej Stachowiak (Friday, 4 December)
- Mark S. Miller (Friday, 4 December)
- Mark S. Miller (Thursday, 3 December)
- Daniel Veditz (Thursday, 3 December)
- Larry Masinter (Thursday, 3 December)
- Adam Barth (Thursday, 3 December)
- Daniel Veditz (Thursday, 3 December)
- Tyler Close (Thursday, 3 December)
- Maciej Stachowiak (Thursday, 3 December)
- Tyler Close (Thursday, 3 December)
- Adam Barth (Thursday, 3 December)
- Maciej Stachowiak (Thursday, 3 December)
- Julian Reschke (Thursday, 3 December)
- Adam Barth (Thursday, 3 December)
- Julian Reschke (Thursday, 3 December)
- Tyler Close (Thursday, 3 December)
- Adam Barth (Thursday, 3 December)
- Tyler Close (Thursday, 3 December)
- Albert Lunde (Thursday, 3 December)
- Maciej Stachowiak (Thursday, 3 December)
- Daniel Stenberg (Thursday, 3 December)
- Adam Barth (Thursday, 3 December)
- Tyler Close (Wednesday, 2 December)
- Tyler Close (Wednesday, 2 December)
javascript URIs on stylesheets/redirections
Jonas' comment thread wrt Strict Transport Security (STS)
Mobile Security barcamp - 19th January 2010, Sophia Antipolis
more flexible ABNF for STS? (=JeffH)
Other CSS attacks (Navigation monitor / History crawler / LAN scanner + attack )
related security models to same origin policy
Request for Comments: LCWD of Widget Access Request Policy spec; deadline 13-Jan-2010
Risks from CSS injection
- gaz Heyes (Thursday, 10 December)
- Maciej Stachowiak (Wednesday, 9 December)
- gaz Heyes (Wednesday, 9 December)
- Maciej Stachowiak (Wednesday, 9 December)
- Aryeh Gregor (Wednesday, 9 December)
- gaz Heyes (Wednesday, 9 December)
- Aryeh Gregor (Wednesday, 9 December)
- David Lindsay (Tuesday, 8 December)
- Adam Barth (Wednesday, 9 December)
- gaz Heyes (Tuesday, 8 December)
- Daniel Glazman (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
Same origin CSS selector attacks
Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea)
- sird@rckc.at (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Maciej Stachowiak (Monday, 7 December)
- Adam Barth (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- Ian Hickson (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- Ian Hickson (Monday, 7 December)
- Adam Barth (Sunday, 6 December)
- Boris Zbarsky (Sunday, 6 December)
- Adam Barth (Sunday, 6 December)
- Adam Barth (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- Devdatta (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Adam Barth (Sunday, 6 December)
Sandboxed Scripts and Styles on HTML / comments? (idea?)
Seamless iframes + CSS3 selectors = bad idea
- gaz Heyes (Thursday, 10 December)
- Mary Ellen Zurko (Wednesday, 9 December)
- David Lindsay (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Devdatta (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Devdatta (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Boris Zbarsky (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- Maciej Stachowiak (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Daniel Glazman (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Daniel Glazman (Tuesday, 8 December)
- Adam Barth (Tuesday, 8 December)
- sird@rckc.at (Tuesday, 8 December)
- Daniel Glazman (Tuesday, 8 December)
- Thomas Roessler (Tuesday, 8 December)
- gaz Heyes (Tuesday, 8 December)
- Eduardo Vela (Monday, 7 December)
- Daniel Glazman (Monday, 7 December)
- Adam Barth (Monday, 7 December)
- Daniel Glazman (Monday, 7 December)
- Adam Barth (Monday, 7 December)
- Daniel Glazman (Monday, 7 December)
- Adam Barth (Monday, 7 December)
- Daniel Glazman (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- gaz Heyes (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- Maciej Stachowiak (Monday, 7 December)
- Ian Hickson (Monday, 7 December)
- sird@rckc.at (Monday, 7 December)
- sird@rckc.at (Monday, 7 December)
- Thomas Roessler (Sunday, 6 December)
- Thomas Roessler (Sunday, 6 December)
- gaz Heyes (Sunday, 6 December)
- Adam Barth (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Adam Barth (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- sird@rckc.at (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Eduardo Vela (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Ian Hickson (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Maciej Stachowiak (Sunday, 6 December)
- Collin Jackson (Saturday, 5 December)
- Boris Zbarsky (Saturday, 5 December)
- sird@rckc.at (Saturday, 5 December)
- Adam Barth (Saturday, 5 December)
- Collin Jackson (Saturday, 5 December)
- Adam Barth (Saturday, 5 December)
- Eduardo Vela (Friday, 4 December)
STS and "mixed content" (Part 3 of Re: Feedback on the Strict-Transport-Security specification)
STS and lockCA (Gerv)
STS and lockCA and EVonly (was: STS and lockCA (Gerv))
- =JeffH (Thursday, 10 December)
STS user-agent processing and new max-age values
The Origin header (was Re: HTTPbis and the Same Origin Policy)
UI issues for security consideration
Welcome to the W3C web security mailing list
What is the same-origin policy for (was Re: The Origin header)
wiki/Same_Origin_Policy
wrt wiki/Strict_Transport_Security
Last message date: Tuesday, 29 December 2009 06:51:15 UTC