W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: [webappsec] Reminder: please send your preferences

From: Nottingham, Mark <mnotting@akamai.com>
Date: Tue, 8 Oct 2013 16:20:44 -0600
To: Daniel Veditz <dveditz@mozilla.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <5D5732E1-D94E-4C08-990A-352B0257C543@akamai.com>
On 08/10/2013, at 2:49 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On 10/7/2013 3:24 AM, Nottingham, Mark wrote:
>> On 04/10/2013, at 10:11 AM, Brad Hill <hillbrad@gmail.com> wrote:
>>> 5. We should include the "cookie-scope" policy in the core CSP 1.1
>>> feature set?  Agree / Disagree
>> It seems like a few folks are disagreeing with this one. For my
>> information - are people against working in this area at all, or is
>> it just the specific proposal, or is it just a timing thing, orů?
> I think all three proposals are worth exploring, but they are somewhat
> overlapping and could in some cases be enforced outside of CSP. I'm in
> favor of wrapping up an incremental CSP 1.1 and don't think we can
> resolve these other proposals in a short time frame. We should save them
> for a CSP 1.2 discussion.

Thanks, that makes sense.

Bit of a shame that WebAppSec isn't meeting at TPAC, would be nice to start those discussions. Will anyone from the WG be there? Would be nice to meet some people, even informally.


Mark Nottingham    mnot@akamai.com   http://www.mnot.net/

Received on Tuesday, 8 October 2013 22:21:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:35 UTC