public-webappsec@w3.org from November 2014 by subject

"Requirements for Powerful Features" strawman.

• Martin Thomson (Tuesday, 25 November)
• Chris Palmer (Tuesday, 25 November)
• Martin Thomson (Tuesday, 25 November)
• Mark Nottingham (Sunday, 23 November)
• Nottingham, Mark (Sunday, 23 November)
• Mike West (Saturday, 22 November)
• Mark Watson (Friday, 21 November)
• Mike West (Friday, 21 November)
• Mark Watson (Friday, 21 November)
• Mike West (Friday, 21 November)
• Mark Watson (Friday, 21 November)
• Mike West (Friday, 21 November)
• Mark Watson (Friday, 21 November)
• Mike West (Friday, 21 November)
• Anne van Kesteren (Friday, 21 November)
• Mark Watson (Thursday, 20 November)
• Mark Nottingham (Thursday, 20 November)
• Mike West (Thursday, 20 November)
• Brad Hill (Thursday, 20 November)
• Mike West (Thursday, 20 November)
• Brad Hill (Thursday, 20 November)
• Chris Palmer (Thursday, 20 November)
• Mike West (Thursday, 20 November)
• Brad Hill (Thursday, 20 November)
• Mike West (Thursday, 20 November)

[Bug 27291] New: Referrer: Consider a mechanism to specify a referrer URL.

• bugzilla@jessica.w3.org (Monday, 10 November)

[Bug 27302] New: Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts

• bugzilla@jessica.w3.org (Tuesday, 11 November)

[Bug 27341] New: consider replacing integrity-metatata ABNF production with a precise prose definition of the datatype/microsyntax

• bugzilla@jessica.w3.org (Monday, 17 November)

[CSP] <meta> clarifications

• Anne van Kesteren (Monday, 10 November)
• Brian Smith (Sunday, 9 November)

[CSP] Additional report field: report-only: "true|false"

• Brad Hill (Tuesday, 4 November)

[CSP] An outline of a taxonomy of CSP directives

• Brian Smith (Thursday, 6 November)

[CSP] Clarifications on nonces

• Devdatta Akhawe (Friday, 7 November)
• Brian Smith (Friday, 7 November)
• Brian Smith (Friday, 7 November)
• Daniel Veditz (Thursday, 6 November)
• Devdatta Akhawe (Thursday, 6 November)
• Brian Smith (Thursday, 6 November)

[CSP] Clarifications regarding the HTTP LINK Header

• Anne van Kesteren (Tuesday, 18 November)
• Deian Stefan (Tuesday, 18 November)
• Brian Smith (Tuesday, 18 November)
• Brad Hill (Tuesday, 18 November)
• Deian Stefan (Tuesday, 18 November)
• Brad Hill (Monday, 17 November)
• Ilya Grigorik (Friday, 14 November)
• Anne van Kesteren (Friday, 14 November)
• Brian Smith (Friday, 14 November)
• Ilya Grigorik (Thursday, 13 November)
• Boris Zbarsky (Thursday, 13 November)
• Brian Smith (Thursday, 13 November)
• Ilya Grigorik (Wednesday, 12 November)
• Brian Smith (Wednesday, 12 November)
• Ilya Grigorik (Wednesday, 12 November)
• Brian Smith (Tuesday, 11 November)
• Ilya Grigorik (Tuesday, 11 November)
• Brian Smith (Sunday, 9 November)

[CSP] Consistency of CSP hash-source with SRI regarding secure origins

• Brian Smith (Thursday, 6 November)

[CSP] Implementer differences: window.open

• Mike West (Monday, 3 November)

[CSP] may we have script-ancestors to protect JSONP call

• Brad Hill (Tuesday, 4 November)

[CSP] outbound links

• Nottingham, Mark (Sunday, 23 November)

[CSP] PING-- CSP vs. Fetch

• Mike West (Monday, 17 November)
• Daniel Veditz (Saturday, 15 November)

[CSP] prevent 401 attach

• Brad Hill (Tuesday, 4 November)

[CSP] Problems with frame-ancestors; X-Frame-Options not obsolete?

• Brian Smith (Wednesday, 12 November)
• Brian Smith (Thursday, 6 November)

[CSP] Relative/absolute hostname matching

• Anne van Kesteren (Friday, 7 November)
• Mike West (Friday, 7 November)
• Anne van Kesteren (Friday, 7 November)
• Brian Smith (Thursday, 6 November)
• Mike West (Thursday, 6 November)
• Brian Smith (Thursday, 6 November)

[CSP] URI Query part matching

• Mike West (Thursday, 6 November)
• Brian Smith (Thursday, 6 November)

[CSP] URI/IRI normalization and comparison

• Brian Smith (Tuesday, 18 November)
• Anne van Kesteren (Wednesday, 12 November)
• Brian Smith (Wednesday, 12 November)
• Anne van Kesteren (Wednesday, 12 November)
• Brian Smith (Tuesday, 11 November)
• Brian Smith (Tuesday, 11 November)
• Brian Smith (Tuesday, 11 November)
• Anne van Kesteren (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Anne van Kesteren (Friday, 7 November)
• Brian Smith (Thursday, 6 November)

[CSP] violation reports for sandbox

• Brian Smith (Thursday, 6 November)
• Devdatta Akhawe (Thursday, 6 November)
• Deian Stefan (Thursday, 6 November)
• Daniel Veditz (Thursday, 6 November)
• Brian Smith (Thursday, 6 November)

[MIX] 4.5 User Controls

• Brad Hill (Monday, 3 November)
• Mike O'Neill (Monday, 3 November)
• Brad Hill (Monday, 3 November)

[MIX] HTTPS -> non-HTTPS redirects

• Mike West (Tuesday, 25 November)
• Brian Smith (Tuesday, 25 November)

[MIX] Initial feedback on Mixed Content

• Jim Manico (Friday, 28 November)
• Jeffrey Walton (Friday, 28 November)
• Anne van Kesteren (Tuesday, 25 November)
• Mike West (Tuesday, 25 November)
• Brian Smith (Monday, 24 November)
• Mike West (Monday, 24 November)
• Mike West (Sunday, 23 November)
• Brian Smith (Friday, 21 November)
• Mike West (Tuesday, 18 November)
• Brian Smith (Tuesday, 18 November)
• Brian Smith (Tuesday, 18 November)
• Jake Archibald (Friday, 14 November)
• Mike West (Friday, 14 November)
• Brian Smith (Friday, 14 November)

[MIX] Interaction between HSTS and mixed content blocking

• Anne van Kesteren (Wednesday, 19 November)
• Adam Langley (Wednesday, 19 November)
• Brian Smith (Wednesday, 19 November)
• Anne van Kesteren (Wednesday, 19 November)
• Brian Smith (Wednesday, 19 November)

[MIX] Language improvement for authenticated origin defintiion

• Mark Watson (Tuesday, 18 November)
• Jeffrey Yasskin (Tuesday, 18 November)
• Mark Watson (Tuesday, 18 November)

[MIX] link rel=icon

• Pete Freitag (Tuesday, 18 November)

[MIX] Modifications to script APIs

• Mike West (Monday, 3 November)
• Mike West (Monday, 3 November)

[MIX] RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11

• timeless (Tuesday, 11 November)
• Mike West (Tuesday, 11 November)
• timeless (Tuesday, 11 November)
• timeless@gmail.com (Tuesday, 11 November)

[power] simplify 2.1

• chaals@yandex-team.ru (Friday, 28 November)
• Mike West (Friday, 28 November)
• chaals@yandex-team.ru (Tuesday, 25 November)

[SRI] Escaping mixed-content blocking for video distribution

• Mark Watson (Tuesday, 18 November)
• Brad Hill (Monday, 17 November)
• Chris Palmer (Friday, 14 November)
• Anne van Kesteren (Thursday, 13 November)
• Mike West (Thursday, 13 November)
• Anne van Kesteren (Thursday, 13 November)
• Mike West (Thursday, 13 November)
• Anne van Kesteren (Thursday, 13 November)
• Mark Watson (Thursday, 13 November)
• Brian Smith (Thursday, 13 November)
• Mark Watson (Wednesday, 12 November)
• Brian Smith (Wednesday, 12 November)
• Mark Watson (Wednesday, 12 November)
• Mark Watson (Wednesday, 12 November)
• Brad Hill (Wednesday, 12 November)
• Mark Watson (Wednesday, 12 November)
• Anne van Kesteren (Wednesday, 12 November)
• Brad Hill (Wednesday, 12 November)
• Mark Watson (Wednesday, 12 November)
• Mark Watson (Wednesday, 5 November)
• Adam Langley (Wednesday, 5 November)
• Mark Watson (Wednesday, 5 November)
• Mark Watson (Wednesday, 5 November)
• Adam Langley (Monday, 3 November)
• Mike West (Monday, 3 November)
• Mark Watson (Monday, 3 November)

[SRI] may only be used in documents in secure origins

• Pete Freitag (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)
• Chris Palmer (Wednesday, 5 November)
• Anne van Kesteren (Wednesday, 5 November)
• Devdatta Akhawe (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)
• Michal Zalewski (Wednesday, 5 November)
• Chris Palmer (Wednesday, 5 November)
• Michal Zalewski (Tuesday, 4 November)
• Tanvi Vyas (Tuesday, 4 November)
• Chris Palmer (Tuesday, 4 November)
• Joel Weinberger (Tuesday, 4 November)
• Frederik Braun (Monday, 3 November)
• Pete Freitag (Monday, 3 November)

[SRI] To trust or not to trust a CDN

• Frederik Braun (Friday, 21 November)
• Eduardo Robles Elvira (Thursday, 20 November)
• Brian Smith (Thursday, 20 November)
• Brian Smith (Thursday, 20 November)
• Frederik Braun (Thursday, 20 November)
• Brad Hill (Thursday, 20 November)
• Brian Smith (Thursday, 20 November)
• Devdatta Akhawe (Sunday, 9 November)
• Brian Smith (Thursday, 6 November)
• Devdatta Akhawe (Thursday, 6 November)
• Brian Smith (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)

[webappsec] "operator eval"

• Brad Hill (Friday, 14 November)

[webappsec] Agenda for Teleconference, Monday 03 Nov 2014

• Frederik Braun (Monday, 3 November)
• Brad Hill (Monday, 3 November)

[webappsec] Agenda for Teleconference, Monday 17 Nov 2014

• Mike West (Monday, 17 November)
• Brad Hill (Monday, 17 November)

[webappsec] Draft charter for review

• Mike West (Tuesday, 11 November)
• Brad Hill (Monday, 10 November)

[webappsec] New W3C process and Last Call

• =JeffH (Tuesday, 11 November)
• Brad Hill (Tuesday, 11 November)
• Wendy Seltzer (Tuesday, 11 November)
• chaals@yandex-team.ru (Tuesday, 11 November)
• Ian Melven (Monday, 10 November)
• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: additional cookie data

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: COWL

• Deian Stefan (Monday, 10 November)
• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Credential Management API

• Mike West (Thursday, 13 November)
• Brad Hill (Sunday, 9 November)

[webappsec] Rechartering: CSP Level 3

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Entry Point Regulation (EPR)

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: force secure-only child browsing contexts

• Mike West (Friday, 14 November)
• Brian Smith (Friday, 14 November)
• Ryan Sleevi (Friday, 14 November)
• Brian Smith (Friday, 14 November)
• Mike West (Wednesday, 12 November)
• Brian Smith (Wednesday, 12 November)
• Brad Hill (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: MIME-type sniffing

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: sandboxed cross-origin workers

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Secure Introduction of Internet-Connected Things

• Brad Hill (Wednesday, 12 November)
• Brad Hill (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Chris Palmer (Monday, 10 November)
• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Sub-Origins

• Nottingham, Mark (Sunday, 23 November)
• Brian Smith (Tuesday, 11 November)
• Michal Zalewski (Tuesday, 11 November)
• Brad Hill (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Brad Hill (Monday, 10 November)
• David Bruant (Monday, 10 November)
• Devdatta Akhawe (Monday, 10 November)
• Michal Zalewski (Monday, 10 November)
• Mike West (Monday, 10 November)
• David Bruant (Monday, 10 November)
• Deian Stefan (Monday, 10 November)
• Devdatta Akhawe (Monday, 10 November)
• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Web Authentication v.Next

• Brad Hill (Monday, 10 November)

[webappsec] Rechartering: Write-Only Form Elements

• Brad Hill (Monday, 10 November)
• Daniel Kahn Gillmor (Monday, 10 November)
• Brad Hill (Sunday, 9 November)

[webappsec] TPAC summary

• Mike West (Monday, 3 November)
• Brad Hill (Monday, 3 November)

Avoiding syncronous manifest requests in EPR

• David Ross (Thursday, 13 November)
• Devdatta Akhawe (Sunday, 9 November)
• David Ross (Thursday, 6 November)
• Devdatta Akhawe (Wednesday, 5 November)
• David Ross (Tuesday, 4 November)
• Devdatta Akhawe (Tuesday, 4 November)
• David Ross (Monday, 3 November)

Bug tracking

• Mike West (Tuesday, 11 November)
• Brad Hill (Monday, 10 November)
• Anne van Kesteren (Sunday, 9 November)
• Frederik Braun (Friday, 7 November)
• Mike West (Friday, 7 November)
• Anne van Kesteren (Friday, 7 November)

Call for consensus to move forward with proposed rechartering of WebAppSec WG

• Mounir Lamouri (Tuesday, 25 November)
• Brad Hill (Wednesday, 19 November)
• Giorgio Maone (Wednesday, 19 November)
• Frederik Braun (Wednesday, 19 November)
• Mike West (Tuesday, 18 November)
• Brad Hill (Tuesday, 18 November)

Call for Exclusions (Update): Referrer Policy

• Coralie Mercier (Thursday, 6 November)

Call for Exclusions: Mixed Content

• Coralie Mercier (Thursday, 13 November)

CfC: Mixed Content to Last Call?

• Brad Hill (Monday, 10 November)
• Wendy Seltzer (Monday, 10 November)
• Mike West (Monday, 10 November)
• Mike West (Friday, 7 November)
• Daniel Veditz (Friday, 7 November)
• Wendy Seltzer (Friday, 7 November)
• Brad Hill (Friday, 7 November)
• Mike West (Friday, 7 November)

CfC: Publish a FPWD of "Requirements for Powerful Features"

• John Kemp (Tuesday, 25 November)
• chaals@yandex-team.ru (Tuesday, 25 November)
• Mike West (Tuesday, 25 November)
• Brad Hill (Monday, 24 November)
• Mike West (Monday, 24 November)
• Brad Hill (Monday, 24 November)
• Mark Nottingham (Monday, 24 November)
• Mike West (Monday, 24 November)

Clarification of CSP sandbox and workers

• Ian Hickson (Wednesday, 12 November)
• Deian Stefan (Wednesday, 12 November)
• Mike West (Wednesday, 12 November)
• Anne van Kesteren (Wednesday, 12 November)

CSP3: DOM API Strawman

• Devdatta Akhawe (Thursday, 6 November)
• Mike West (Tuesday, 4 November)
• Devdatta Akhawe (Tuesday, 4 November)
• Boris Zbarsky (Monday, 3 November)
• Mike West (Monday, 3 November)
• Boris Zbarsky (Monday, 3 November)
• Mike West (Monday, 3 November)
• Boris Zbarsky (Monday, 3 November)
• Mike West (Monday, 3 November)

CSP: Problems with referrer and reflected-xss

• Daniel Veditz (Wednesday, 5 November)
• Mike West (Wednesday, 5 November)
• Mike West (Wednesday, 5 November)
• Daniel Veditz (Wednesday, 5 November)
• Devdatta Akhawe (Wednesday, 5 November)
• Brian Smith (Wednesday, 5 November)
• Brad Hill (Tuesday, 4 November)

Early morning thoughts on referrers.

• Brian Smith (Wednesday, 19 November)
• Brad Hill (Tuesday, 18 November)
• Devdatta Akhawe (Tuesday, 18 November)
• Brad Hill (Tuesday, 18 November)
• Anne van Kesteren (Monday, 10 November)
• Jochen Eisinger (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Mike West (Monday, 10 November)

Frame access

• Brad Hill (Monday, 3 November)

Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)

• Sean Snider (Tuesday, 4 November)
• Sean Snider (Tuesday, 4 November)
• Brad Hill (Tuesday, 4 November)
• Brad Hill (Monday, 3 November)
• Sean Snider (Monday, 3 November)
• Brad Hill (Monday, 3 November)

Netflix, MSE, and EME

• Anne van Kesteren (Friday, 14 November)

Rechartering: Permissions API

• Mounir Lamouri (Thursday, 13 November)
• Brad Hill (Thursday, 13 November)
• Daniel Veditz (Thursday, 13 November)
• Mounir Lamouri (Thursday, 13 November)
• Mike West (Thursday, 13 November)
• Daniel Veditz (Wednesday, 12 November)
• Brad Hill (Wednesday, 12 November)
• Mounir Lamouri (Wednesday, 12 November)

Referrer Policy: Same-origin URIs

• Devdatta Akhawe (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Devdatta Akhawe (Sunday, 9 November)
• Brian Smith (Sunday, 9 November)
• Devdatta Akhawe (Sunday, 9 November)
• Michal Zalewski (Saturday, 8 November)
• Jim Manico (Saturday, 8 November)
• Michal Zalewski (Saturday, 8 November)
• Michal Zalewski (Saturday, 8 November)
• Michal Zalewski (Saturday, 8 November)
• Devdatta Akhawe (Saturday, 8 November)

RfC: WebAppSec's Last Call Working Draft of Mixed Content; deadline December 11

• Mike West (Tuesday, 11 November)

Should CSP affect a Notification icon?

• Jim Manico (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Anne van Kesteren (Monday, 10 November)
• Daniel Veditz (Monday, 10 November)
• Devdatta Akhawe (Monday, 10 November)
• Deian Stefan (Monday, 10 November)
• Brian Smith (Monday, 10 November)
• Jim Manico (Monday, 10 November)
• Daniel Veditz (Monday, 10 November)
• Brian Smith (Sunday, 9 November)
• Brian Smith (Sunday, 9 November)
• Daniel Veditz (Sunday, 9 November)

snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"

• chaals@yandex-team.ru (Friday, 28 November)
• Mike West (Friday, 28 November)
• chaals@yandex-team.ru (Tuesday, 25 November)

some testing on workers and sandbox

• Brad Hill (Thursday, 20 November)
• Anne van Kesteren (Thursday, 20 November)
• Boris Zbarsky (Thursday, 20 November)
• Brad Hill (Wednesday, 19 November)
• Boris Zbarsky (Wednesday, 19 November)
• Anne van Kesteren (Wednesday, 19 November)
• Boris Zbarsky (Wednesday, 19 November)
• Brad Hill (Wednesday, 19 November)
• Brad Hill (Tuesday, 18 November)

TPAC survey

• Brad Hill (Friday, 14 November)

webappsec-ACTION-200: Investigate git issue tooling with other w3c groups

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-201: Add permissions api to draft charter

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-202: Issue cfc on new draft charter

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-203: Raise issue for sri large object /streaming integrity

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-204: Reply to mark watson that 1/2 of his issue is a last call comment to mix

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-205: Does link really violate csp guarantees?

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-206: Reply on referrer suggest imperative policy controls in serviceworker

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ACTION-207: Raise definition of sandboxed worker in html spec

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

• Brad Hill (Tuesday, 18 November)
• Deian Stefan (Tuesday, 18 November)

webappsec-ISSUE-70 (Using ni:/// as CSP source): Investigate using ni:/// as a CSP source expression [CSP Next]

• Web Application Security Working Group Issue Tracker (Tuesday, 4 November)

webappsec-ISSUE-71 (JSONP directives): Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces [CSP Level 3]

• Web Application Security Working Group Issue Tracker (Tuesday, 4 November)

webappsec-ISSUE-72 (Streaming Integrity): How to apply integrity verification to large / streaming downloads [Subresource Integrity Level 2]

• Web Application Security Working Group Issue Tracker (Monday, 17 November)

WebRTC Security Assessment

• Rigo Wenning (Wednesday, 5 November)
• Daniel Kahn Gillmor (Wednesday, 5 November)
• Rigo Wenning (Wednesday, 5 November)

Last message date: Friday, 28 November 2014 17:11:31 UTC