- From: Nottingham, Mark <mnotting@akamai.com>
- Date: Tue, 8 Oct 2013 16:20:44 -0600
- To: Daniel Veditz <dveditz@mozilla.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 8 October 2013 22:21:12 UTC
On 08/10/2013, at 2:49 PM, Daniel Veditz <dveditz@mozilla.com> wrote: > On 10/7/2013 3:24 AM, Nottingham, Mark wrote: >> On 04/10/2013, at 10:11 AM, Brad Hill <hillbrad@gmail.com> wrote: >> >>> 5. We should include the "cookie-scope" policy in the core CSP 1.1 >>> feature set? Agree / Disagree >> >> It seems like a few folks are disagreeing with this one. For my >> information - are people against working in this area at all, or is >> it just the specific proposal, or is it just a timing thing, or…? > > I think all three proposals are worth exploring, but they are somewhat > overlapping and could in some cases be enforced outside of CSP. I'm in > favor of wrapping up an incremental CSP 1.1 and don't think we can > resolve these other proposals in a short time frame. We should save them > for a CSP 1.2 discussion. Thanks, that makes sense. Bit of a shame that WebAppSec isn't meeting at TPAC, would be nice to start those discussions. Will anyone from the WG be there? Would be nice to meet some people, even informally. Cheers, -- Mark Nottingham mnot@akamai.com http://www.mnot.net/
Received on Tuesday, 8 October 2013 22:21:12 UTC