- From: Andrew Sullivan <ajs@anvilwalrusden.com>
- Date: Mon, 16 Jul 2012 17:27:16 -0400
- To: public-web-security@w3.org
Dear colleagues,
On Sun, May 13, 2012 at 03:55:38AM -0700, Maciej Stachowiak wrote:
>
> OK. It's hard to evaluate the merit of the idea without more
> specifics about what clients could do with the info.
Thanks for the many useful comments on
draft-sullivan-domain-origin-assert-00.txt. I've updated it,
attempting to take into consideration comments I received. It's still
rather far from perfect, and the deployability is still questionable
to me, but I thought I'd give it a little more work anyway.
URL:
http://www.ietf.org/internet-drafts/draft-sullivan-domain-origin-assert-01.txt
Status:
http://datatracker.ietf.org/doc/draft-sullivan-domain-origin-assert
Htmlized:
http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-01
Diff:
http://tools.ietf.org/rfcdiff?url2=draft-sullivan-domain-origin-assert-01
Highlights of changes:
* Changed the mnemonic from BOUND to AREALM
* Added ports and scheme to the RRTYPE
* Added some motivating text and suggestions about what can be
done with the new RRTYPE
* Removed use of "origin" term, because it was confusing. The
document filename preserves "origin" in the name in order that
the tracker doesn't lose the change history, but that's just a
vestige.
* Removed references to cross-document information sharing and
ECMAScript. I don't understand the issues there, but Maciej
Stachowiak convinced me that they're different enough that this
mechanism probably won't work.
* Attempted to respond to all comments received. Thanks to the
commenters; omissions and errors are mine.
Best regards,
Andrew
--
Andrew Sullivan
ajs@anvilwalrusden.com
Received on Monday, 16 July 2012 21:27:41 UTC