public-webappsec@w3.org from October 2014 by author

=JeffH

• Re: NTP vs. HSTS (Friday, 17 October)
• Re: NTP vs. HSTS (Friday, 17 October)

Adam Langley

• Re: NTP vs. HSTS (Friday, 17 October)
• Re: NTP vs. HSTS (Thursday, 16 October)
• Re: NTP vs. HSTS (Thursday, 16 October)

Adrienne Porter Felt

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)

Anne van Kesteren

• Re: Implementer differences (Friday, 31 October)
• Re: [MIX] 4.5 User Controls (Friday, 31 October)
• Re: [MIX] Modifications to script APIs (Friday, 31 October)
• Re: [MIX] Modifications to script APIs (Friday, 31 October)
• Re: [MIX] 6.1 May browsing context use powerful features? (Friday, 31 October)
• Re: [MIX] 4.5 User Controls (Friday, 31 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] Modifications to script APIs (Thursday, 30 October)
• Re: [MIX] Normative statements in 4.1 Resource Fetching (Thursday, 30 October)
• Re: [MIX] 4.5 User Controls (Thursday, 30 October)
• [MIX] 6.1 May browsing context use powerful features? (Thursday, 30 October)
• [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• [MIX] 4.5 User Controls (Thursday, 30 October)
• [MIX] Normative statements in 4.1 Resource Fetching (Thursday, 30 October)
• [MIX] Modifications to script APIs (Thursday, 30 October)
• Permission that spans browsing contexts (Thursday, 30 October)
• Re: [MIX] Is origin an authenticated origin? (Wednesday, 29 October)
• Re: CfC: Mixed Content to Last Call? (Wednesday, 29 October)
• Re: FYI: Starting on CSP Next. (Wednesday, 29 October)
• Re: [MIX] Is origin an authenticated origin? (Tuesday, 28 October)
• Re: [MIX] Is origin an authenticated origin? (Tuesday, 28 October)
• No-context ACTION emails are confusing (Tuesday, 28 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Service workers, dedicated workers, and the environment settings object (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] feedback (Thursday, 23 October)
• Re: [MIX] feedback (Thursday, 23 October)
• Re: [MIX] feedback (Thursday, 23 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Wednesday, 22 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Tuesday, 21 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Topics for Rechartering (Monday, 20 October)
• Re: NTP vs. HSTS (Thursday, 16 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)

Ben Toews

• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)

Boris Zbarsky

• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: referrer policy questions (Monday, 20 October)

Brad Hill

• Re: [MIX] 4.5 User Controls (Friday, 31 October)
• Re: Implementer differences (Thursday, 30 October)
• Re: [MIX] 4.5 User Controls (Thursday, 30 October)
• Re: Minimum viable SRI? (Wednesday, 29 October)
• [webappsec] do we want a way to hash data: and blob: uris? (Tuesday, 28 October)
• [webappsec] TPAC agenda changes (Tuesday, 28 October)
• Re: [webappsec] F2F at TPAC on hold (Tuesday, 28 October)
• [webappsec] F2F at TPAC on hold (Tuesday, 28 October)
• Re: No-context ACTION emails are confusing (Tuesday, 28 October)
• [webappsec] survey results (Monday, 27 October)
• [webappsec] TPAC living agenda (Sunday, 26 October)
• [webappsec] updated (but still draft) TPAC agenda (Friday, 24 October)
• Re: [integrity] content-addressable cache? (Friday, 24 October)
• Re: [integrity] Different ways to associate integrity information (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• [webappsec] Rough and preliminary TPAC agenda for WebAppSec (Thursday, 23 October)
• [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Monday, 20 October)
• [webappsec] Call for Consensus: CSP Level 2 to Candidate Recommendation (Monday, 20 October)
• [webappsec] Survey on WebAppSec Charter v.Next work (Monday, 20 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Sunday, 19 October)
• [webappsec] Topics for Rechartering (Sunday, 19 October)
• Re: [webappsec] draft new WG home page (Tuesday, 14 October)
• Re: [webappsec] draft new WG home page (Monday, 13 October)
• [webappsec] draft new WG home page (Monday, 13 October)
• [webappsec] SRI : allow multiple integrity attributes or ni:// uris? (Monday, 6 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)
• This week's teleconference - keep it Wednesday for one more week (Monday, 6 October)

Brian Smith

• Re: [SRI] To trust or not to trust a CDN (Friday, 31 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)

Chris Palmer

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Wednesday, 22 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Tuesday, 21 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: NTP vs. HSTS (Thursday, 16 October)

Daniel Veditz

• Agenda for WebAppSec WG teleconference Wednesday Oct 8 (Wednesday, 8 October)

David Rogers

• RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Wednesday, 22 October)
• RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Wednesday, 22 October)

Devdatta Akhawe

• Re: [CSP] Implementer differences: window.open (Friday, 31 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Tuesday, 21 October)
• Re: [webappsec] SRI : allow multiple integrity attributes or ni:// uris? (Monday, 6 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)

Florian Weber

• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Thursday, 23 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Tuesday, 21 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Tuesday, 21 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Tuesday, 14 October)
• Allow dynamically inserted <script>-Tags from trustworthy Scripts (Thursday, 9 October)

Frederik Braun

• Re: [SRI] To trust or not to trust a CDN (Thursday, 30 October)
• Re: [SRI] To trust or not to trust a CDN (Thursday, 30 October)
• Re: Minimum viable SRI? (Wednesday, 29 October)
• [SRI] To trust or not to trust a CDN (Tuesday, 28 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Monday, 27 October)
• [integrity] content-addressable cache? (Monday, 6 October)

Giorgio Maone

• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Tuesday, 21 October)

Harry Halpin

• Re: [webappsec] Topics for Rechartering (Monday, 27 October)

Hatter Jiang OWS

• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)

Ian Hickson

• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)

Ian Melven

• Re: [referrer] HTTPS->HTTP (Monday, 27 October)
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Thursday, 23 October)

Jeffrey Walton

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Wednesday, 22 October)

Jim Manico

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Tuesday, 21 October)

Jochen Eisinger

• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)

Joel Weinberger

• Re: [SRI] To trust or not to trust a CDN (Friday, 31 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)

John Kemp

• NTP vs. HSTS (Thursday, 16 October)

Jose Selvi

• Re: NTP vs. HSTS (Thursday, 16 October)

Keiji Takeda

• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage (Monday, 27 October)

Kevin Hill

• RE: Implementer differences (Friday, 31 October)
• [CSP] Implementer differences: window.open (Friday, 31 October)
• RE: Implementer differences (Friday, 31 October)
• Implementer differences (Thursday, 30 October)

Manu Sporny

• Re: [Credential Management]: Tiny prototype to play around with. (Sunday, 26 October)
• Re: [Credential Management]: Tiny prototype to play around with. (Thursday, 16 October)

Mark Goodwin

• Re: [integrity] content-addressable cache? (Wednesday, 8 October)
• Re: [integrity] content-addressable cache? (Tuesday, 7 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)
• Re: [integrity] content-addressable cache? (Monday, 6 October)

Mark Nottingham

• Re: [integrity] Different ways to associate integrity information (Monday, 27 October)
• Re: [referrer] HTTPS->HTTP (Monday, 27 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• [referrer] HTTPS->HTTP (Friday, 24 October)
• [integrity] Different ways to associate integrity information (Friday, 24 October)
• Re: [integrity] content-addressable cache? (Friday, 24 October)
• Re: [MIX] feedback (Thursday, 23 October)
• [MIX] feedback (Thursday, 23 October)

Martin Thomson

• Re: [referrer] HTTPS->HTTP (Monday, 27 October)

Michael[tm] Smith

• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Tuesday, 21 October)

Michal Zalewski

• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)

Mike O'Neill

• RE: [MIX] 4.5 User Controls (Friday, 31 October)

Mike West

• Re: [MIX] 5.1 Does settings object restrict mixed content? (Friday, 31 October)
• Re: [MIX] 6.1 May browsing context use powerful features? (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] Normative statements in 4.1 Resource Fetching (Thursday, 30 October)
• Re: [MIX] Modifications to script APIs (Thursday, 30 October)
• Re: [MIX] 5.1 Does settings object restrict mixed content? (Thursday, 30 October)
• Re: [MIX] Modifications to script APIs (Thursday, 30 October)
• Re: [MIX] Normative statements in 4.1 Resource Fetching (Thursday, 30 October)
• Re: [MIX] 4.5 User Controls (Thursday, 30 October)
• Re: Permission that spans browsing contexts (Thursday, 30 October)
• Re: CfC: Mixed Content to Last Call? (Thursday, 30 October)
• Re: CfC: Mixed Content to Last Call? (Thursday, 30 October)
• CfC: Mixed Content to Last Call? (Wednesday, 29 October)
• Re: FYI: Starting on CSP Next. (Wednesday, 29 October)
• Minimum viable SRI? (Wednesday, 29 October)
• FYI: Starting on CSP Next. (Wednesday, 29 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: [MIX] Is origin an authenticated origin? (Tuesday, 28 October)
• Re: [MIX] Is origin an authenticated origin? (Tuesday, 28 October)
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage (Monday, 27 October)
• Re: webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec (Monday, 27 October)
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage (Monday, 27 October)
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage (Monday, 27 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Monday, 27 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Re: [integrity] Different ways to associate integrity information (Friday, 24 October)
• Re: [referrer] HTTPS->HTTP (Friday, 24 October)
• Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Friday, 24 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] Is origin an authenticated origin? (Thursday, 23 October)
• Re: [MIX] feedback (Thursday, 23 October)
• Re: [MIX] feedback (Thursday, 23 October)
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Tuesday, 21 October)
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: referrer policy questions (Monday, 20 October)
• Re: referrer policy questions (Monday, 20 October)
• "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT (Monday, 20 October)
• Re: [Credential Management]: Tiny prototype to play around with. (Friday, 17 October)
• [Credential Management]: Tiny prototype to play around with. (Thursday, 16 October)
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Tuesday, 14 October)
• Re: [webappsec] draft new WG home page (Tuesday, 14 October)

Pawel Krawczyk

• Re: NTP vs. HSTS (Thursday, 16 October)

Sean Snider

• Frame access (Wednesday, 29 October)
• Re: [SRI] To trust or not to trust a CDN (Wednesday, 29 October)
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Wednesday, 29 October)
• RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Saturday, 25 October)
• RE: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note (Wednesday, 22 October)
• RE: Allow dynamically inserted <script>-Tags from trustworthy Scripts (Thursday, 23 October)

Sid Stamm

• Re: referrer policy questions (Monday, 20 October)
• referrer policy questions (Monday, 20 October)

Tom Ritter

• RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) (Saturday, 25 October)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] (Tuesday, 28 October)
• webappsec-ACTION-199: Keep topic of internet/intranet connectivity and https on the w3c radar (Monday, 27 October)
• webappsec-ACTION-198: Take bookmarklets discussion back to the list (Monday, 27 October)
• webappsec-ACTION-197: Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?) (Monday, 27 October)
• webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec (Monday, 27 October)
• webappsec-ACTION-195: Respond to Hatter Jiang on JSONP directives - under consideration for v.Next (Monday, 27 October)
• webappsec-ACTION-194: Respond to Hatter Jiang on 401 attach (Monday, 27 October)
• webappsec-ISSUE-68 (401 prompting by subresources): How to manage 401 phishing prompts by subresources (Monday, 27 October)
• webappsec-ACTION-193: Respond to Brian Smith on referrer-policy (Monday, 27 October)
• webappsec-ACTION-192: Evaluate control over nesting depth. (Monday, 27 October)
• webappsec-ACTION-191: Inconsistency in source hash description (Monday, 27 October)
• webappsec-ACTION-190: Is reflected-xss directive at risk? (Monday, 27 October)
• webappsec-ACTION-189: Evaluatescript-ancestors (Wednesday, 8 October)
• webappsec-ACTION-188: Evaluate json-src (Wednesday, 8 October)

Wendy Seltzer

• Re: [webappsec] draft new WG home page (Thursday, 16 October)

Yagihashi Yu

• [CSP] Inconsistency between Source hash introduction and Source hash usage (Friday, 24 October)

Ángel González

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) (Tuesday, 21 October)

Last message date: Friday, 31 October 2014 18:38:19 UTC