[webappsec] Rechartering: force secure-only child browsing contexts

From: Brad Hill <hillbrad@gmail.com>
Date: Sun, 9 Nov 2014 16:07:13 -0800
Message-ID: <CAEeYn8jivTioamXVxLEO7X9pM35qrTu+NDdncHZfgNyU40safA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Rechartering Thread 6: Secure-only child browsing contexts

Based on our survey results and discussion at TPAC, there is strong
consensus on NOT chartering work on enforcing secure-only child browsing
contexts at any level of nesting.

The consensus was that this could be handled reasonably with existing
mechanisms, such as only framing content from origins that themselves
express an HSTS policy.

Please reply to this thread if you wish to express an objection to
this consensus and ask the WG to consider this for its charter.

Thank you,

Brad Hill
Received on Monday, 10 November 2014 00:07:39 UTC