
RE: [webappsec] Reminder: please send your preferences

From: Carson, Cory <Cory.Carson@boeing.com>
Date: Mon, 7 Oct 2013 22:01:45 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <0796D866AA7F644F9DA429C9C7341CE101D5D3@XCH-BLV-201.nw.nos.boeing.com>


From: Brad Hill [mailto:hillbrad@gmail.com] 
Sent: Thursday, October 03, 2013 5:12 PM
To: public-webappsec@w3.org
Subject: [webappsec] Reminder: please send your preferences

This is a request again, for all WG members, to please send your response to this simple poll before our call on Tuesday:

1: We should close the feature set of CSP 1.1?  Agree / Disagree

Abstain

2. We should include the application of 'unsafe-eval' semantics to the CSSOM in the core CSP 1.1 feature set? Agree / Disagree

Agree

3. We should include the suborigin sandboxing proposal in the core CSP 1.1 feature set? Agree / Disagree

Disagree

4. We should include the "Session Origin Security" policy in the core CSP 1.1 feature set?  Agree / Disagree

Disagree

5. We should include the "cookie-scope" policy in the core CSP 1.1 feature set?  Agree / Disagree

Disagree

6. We should make changes to core CSP 1.1 behavior (including possibly specifying a new directive about user script) as requested by Bug 23357?  Agree / Disagree

Disagree

---

Boeing is interested in suborigin sandboxing and "cookie-scope" because they address security concerns of large multi-component web applications. However, it is Boeing's opinion that 3 and 5 be incubated longer before Boeing backs them. E.g., perhaps there is a way to adjust suborigin sandboxing to include 'cookie-scope's goals?
Received on Monday, 7 October 2013 22:02:14 UTC