W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: [webappsec] Reminder: please send your preferences

From: Daniel Veditz <dveditz@mozilla.com>
Date: Tue, 08 Oct 2013 14:49:17 -0700
Message-ID: <52547DDD.9040503@mozilla.com>
To: "Nottingham, Mark" <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 10/7/2013 3:24 AM, Nottingham, Mark wrote:
> On 04/10/2013, at 10:11 AM, Brad Hill <hillbrad@gmail.com> wrote:
>> 5. We should include the "cookie-scope" policy in the core CSP 1.1
>> feature set?  Agree / Disagree
> It seems like a few folks are disagreeing with this one. For my
> information - are people against working in this area at all, or is
> it just the specific proposal, or is it just a timing thing, orů?

I think all three proposals are worth exploring, but they are somewhat
overlapping and could in some cases be enforced outside of CSP. I'm in
favor of wrapping up an incremental CSP 1.1 and don't think we can
resolve these other proposals in a short time frame. We should save them
for a CSP 1.2 discussion.

-Dan Veditz

Received on Tuesday, 8 October 2013 21:49:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:35 UTC