
Re: [integrity]: Origin confusion attacks.

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 9 Jan 2014 15:25:33 -0800
Message-ID: <CAPfop_14gVNO8VPbp=MR6DO+xpFeve64oz4X=fc7ghAfYdXAsA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, btoews@github.com, Joel Weinberger <jww@google.com>, Frederik Braun <fbraun@mozilla.com>

> I don't have a good mitigation idea off the top of my head, but I agree it's
> something we should worry about.

I view the integrity-based cache as more of a "good-to-have" feature
rather than important to the main use case of the spec. Maybe just
removing this should also be on the table as a possibility? (in case
we can't come up with a clean solution)

Received on Thursday, 9 January 2014 23:26:19 UTC
