W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Discussions with HTTP WG about Origin header [was: Do we need to rename the Origin header?]

From: Michael(tm) Smith <mike@w3.org>
Date: Wed, 8 Apr 2009 14:18:32 +0900
To: Thomas Roessler <tlr@w3.org>
Cc: Jonas Sicking <jonas@sicking.cc>, Bil Corry <bil@corry.biz>, Ian Hickson <ian@hixie.ch>, Adam Barth <w3c@adambarth.com>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>
Message-ID: <20090408051831.GA18769@sideshowbarker>
Thomas Roessler <tlr@w3.org>, 2009-04-06 11:19 +0200:

>  (The http-wg discussion looked ill-informed; among other things, they didn't 
>  understand the relationship with CORS.)

I'm not sure if "ill-informed" is the best way to describe it (at
least it's perhaps not the most diplomatic). But along with the
issues such some people in the discussion maybe not understanding
the relationship with CORS -- which is at least something that can
be addressed (by people taking time to learn what the relationship
is) -- we have what seems like a lot more serious issue of
statements like "CSRF is not a security issue for the Web" being
made in the discussion. Statements like that seem to indicate a
real lack of agreement with them and us about what problems we
need to be trying to help solve. I would think that if we can't
get agreement about what the problems are, it's going to be pretty
much impossible to have any productive discussion at all.


Michael(tm) Smith
Received on Wednesday, 8 April 2009 05:18:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC