[webappsec] Rechartering: force secure-only child browsing contexts

Rechartering Thread 6: Secure-only child browsing contexts

Based on our survey results and discussion at TPAC, there is strong
consensus NOT chartering work on enforcing secure only child browsing
contexts at any level of nesting.

The consensus was that this could be handled reasonably with existing
mechanisms, such as only framing content from origins that themselves
express an HSTS policy.

Please reply to this thread if you wish to express an objection to
this consensus and ask the WG consider this for its charter.

Thank you,

Brad Hill

Received on Monday, 10 November 2014 00:07:39 UTC