- From: Mike West <mkwst@google.com>
- Date: Fri, 7 Feb 2014 15:20:13 +0100
- To: Fred Andrews <fredandw@live.com>
- Cc: Web Application Security Working Group <public-webappsec@w3.org>
- Message-ID: <CAKXHy=eFjvjXX6KmuKbJXGGNk6qCD1fB11suKrsT79=ci=uHqg@mail.gmail.com>
Hi Fred! On Fri, Feb 7, 2014 at 8:31 AM, Fred Andrews <fredandw@live.com> wrote: > It seems that the technical issues have not been solved, and the UA vendors have not followed though with the commitments made, and this changes the landscape so I reopen the dispute. > > Really? My impression is that Chrome does a generally reasonable job with extensions (though a less reasonable job with bookmarklets). There are edge cases that we don't have good solutions for, but I'd hardly call the state of affairs dire. If that's incorrect, please do submit bug reports. I'll do my best to fix them. > I would like the CSP to be amended to note that the sending of CSP reports is optional in a conforming implementation and that the UA should expect a website to supply a useful CSP that does not depend on the website implementing an overly broad CSP and analyzing the reports. > > I don't really understand this sentence. Can you explain what you mean with regard to the UA's expectations with regard to the website? In any event, I assume the request relates to the discussion we had at the end of 2012[1, 2] regarding fingerprinting. My impression was that we'd resolved that in the WG (though I recall that you didn't agree with the consensus reached). [1]: http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0029.html [2]: https://www.w3.org/2011/webappsec/track/issues/11 -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 7 February 2014 14:21:01 UTC