public-webappsec@w3.org from October 2014 by date

Friday, 31 October 2014

• Re: [SRI] To trust or not to trust a CDN Joel Weinberger
• Re: [CSP] Implementer differences: window.open Devdatta Akhawe
• RE: Implementer differences Kevin Hill
• [CSP] Implementer differences: window.open Kevin Hill
• Re: Implementer differences Anne van Kesteren
• RE: Implementer differences Kevin Hill
• RE: [MIX] 4.5 User Controls Mike O'Neill
• Re: [MIX] 4.5 User Controls Anne van Kesteren
• Re: [MIX] 4.5 User Controls Brad Hill
• Re: [MIX] Modifications to script APIs Anne van Kesteren
• Re: [MIX] Modifications to script APIs Anne van Kesteren
• Re: [MIX] 6.1 May browsing context use powerful features? Anne van Kesteren
• Re: [MIX] 4.5 User Controls Anne van Kesteren
• Re: [MIX] 5.1 Does settings object restrict mixed content? Mike West
• Re: [SRI] To trust or not to trust a CDN Brian Smith

Thursday, 30 October 2014

• Re: Implementer differences Brad Hill
• Re: [MIX] 5.1 Does settings object restrict mixed content? Ian Hickson
• Implementer differences Kevin Hill
• Re: [MIX] 4.5 User Controls Brad Hill
• Re: [MIX] 6.1 May browsing context use powerful features? Mike West
• Re: [MIX] 5.1 Does settings object restrict mixed content? Mike West
• Re: [MIX] Normative statements in 4.1 Resource Fetching Mike West
• Re: [MIX] Modifications to script APIs Mike West
• Re: [MIX] 5.1 Does settings object restrict mixed content? Mike West
• Re: [MIX] 5.1 Does settings object restrict mixed content? Ian Hickson
• Re: [MIX] 5.1 Does settings object restrict mixed content? Anne van Kesteren
• Re: [MIX] 5.1 Does settings object restrict mixed content? Ian Hickson
• Re: [MIX] 5.1 Does settings object restrict mixed content? Anne van Kesteren
• Re: [MIX] 5.1 Does settings object restrict mixed content? Ian Hickson
• Re: [MIX] Modifications to script APIs Anne van Kesteren
• Re: [MIX] Normative statements in 4.1 Resource Fetching Anne van Kesteren
• Re: [MIX] 4.5 User Controls Anne van Kesteren
• [MIX] 6.1 May browsing context use powerful features? Anne van Kesteren
• Re: [MIX] Modifications to script APIs Mike West
• Re: [MIX] Normative statements in 4.1 Resource Fetching Mike West
• Re: [MIX] 4.5 User Controls Mike West
• Re: Permission that spans browsing contexts Mike West
• [MIX] 5.1 Does settings object restrict mixed content? Anne van Kesteren
• [MIX] 4.5 User Controls Anne van Kesteren
• [MIX] Normative statements in 4.1 Resource Fetching Anne van Kesteren
• [MIX] Modifications to script APIs Anne van Kesteren
• Permission that spans browsing contexts Anne van Kesteren
• Re: CfC: Mixed Content to Last Call? Mike West
• Re: [SRI] To trust or not to trust a CDN Frederik Braun
• Re: [SRI] To trust or not to trust a CDN Frederik Braun
• Re: CfC: Mixed Content to Last Call? Mike West

Monday, 27 October 2014

• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage Keiji Takeda

Wednesday, 29 October 2014

• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [SRI] To trust or not to trust a CDN Ben Toews
• Re: CfC: Mixed Content to Last Call? Anne van Kesteren
• Frame access Sean Snider
• Re: [SRI] To trust or not to trust a CDN Devdatta Akhawe
• Re: [SRI] To trust or not to trust a CDN Sean Snider
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Sean Snider
• Re: Minimum viable SRI? Brad Hill
• Re: [SRI] To trust or not to trust a CDN Joel Weinberger
• CfC: Mixed Content to Last Call? Mike West
• Re: [SRI] To trust or not to trust a CDN Hatter Jiang OWS
• Re: FYI: Starting on CSP Next. Mike West
• Re: FYI: Starting on CSP Next. Anne van Kesteren
• Re: Minimum viable SRI? Frederik Braun
• Minimum viable SRI? Mike West
• FYI: Starting on CSP Next. Mike West
• Re: [SRI] To trust or not to trust a CDN Ben Toews
• Re: [SRI] To trust or not to trust a CDN Mike West
• Re: [SRI] To trust or not to trust a CDN Brian Smith
• Re: [SRI] To trust or not to trust a CDN Joel Weinberger

Tuesday, 28 October 2014

• [webappsec] do we want a way to hash data: and blob: uris? Brad Hill
• [SRI] To trust or not to trust a CDN Frederik Braun
• [webappsec] TPAC agenda changes Brad Hill
• Re: [webappsec] F2F at TPAC on hold Brad Hill
• Re: [MIX] Is origin an authenticated origin? Mike West
• [webappsec] F2F at TPAC on hold Brad Hill
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: No-context ACTION emails are confusing Brad Hill
• No-context ACTION emails are confusing Anne van Kesteren
• webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next] Web Application Security Working Group Issue Tracker

Monday, 27 October 2014

• [webappsec] survey results Brad Hill
• webappsec-ACTION-199: Keep topic of internet/intranet connectivity and https on the w3c radar Web Application Security Working Group Issue Tracker
• webappsec-ACTION-198: Take bookmarklets discussion back to the list Web Application Security Working Group Issue Tracker
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage Mike West
• Re: webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec Mike West
• Re: [integrity] Different ways to associate integrity information Mark Nottingham
• webappsec-ACTION-197: Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?) Web Application Security Working Group Issue Tracker
• webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec Web Application Security Working Group Issue Tracker
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage Mike West
• Re: [referrer] HTTPS->HTTP Martin Thomson
• Re: [webappsec] Topics for Rechartering Harry Halpin
• Re: [referrer] HTTPS->HTTP Ian Melven
• Re: [referrer] HTTPS->HTTP Mark Nottingham
• Re: [CSP] Inconsistency between Source hash introduction and Source hash usage Mike West
• webappsec-ACTION-195: Respond to Hatter Jiang on JSONP directives - under consideration for v.Next Web Application Security Working Group Issue Tracker
• webappsec-ACTION-194: Respond to Hatter Jiang on 401 attach Web Application Security Working Group Issue Tracker
• webappsec-ISSUE-68 (401 prompting by subresources): How to manage 401 phishing prompts by subresources Web Application Security Working Group Issue Tracker
• webappsec-ACTION-193: Respond to Brian Smith on referrer-policy Web Application Security Working Group Issue Tracker
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Frederik Braun
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Mike West
• webappsec-ACTION-192: Evaluate control over nesting depth. Web Application Security Working Group Issue Tracker
• webappsec-ACTION-191: Inconsistency in source hash description Web Application Security Working Group Issue Tracker
• webappsec-ACTION-190: Is reflected-xss directive at risk? Web Application Security Working Group Issue Tracker

Sunday, 26 October 2014

• [webappsec] TPAC living agenda Brad Hill
• Re: [Credential Management]: Tiny prototype to play around with. Manu Sporny

Friday, 24 October 2014

• [CSP] Inconsistency between Source hash introduction and Source hash usage Yagihashi Yu

Saturday, 25 October 2014

• RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Tom Ritter
• RE: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Sean Snider

Friday, 24 October 2014

• [webappsec] updated (but still draft) TPAC agenda Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Devdatta Akhawe
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Mike West
• Re: [integrity] content-addressable cache? Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Boris Zbarsky
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Michal Zalewski
• Re: [integrity] Different ways to associate integrity information Brad Hill
• Re: [referrer] HTTPS->HTTP Brad Hill
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Mike West
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Anne van Kesteren
• Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Anne van Kesteren
• Service workers, dedicated workers, and the environment settings object Anne van Kesteren
• Re: [referrer] HTTPS->HTTP Mark Nottingham
• Re: [referrer] HTTPS->HTTP Mike West
• Re: [referrer] HTTPS->HTTP Mark Nottingham
• Re: [referrer] HTTPS->HTTP Jochen Eisinger
• Re: [referrer] HTTPS->HTTP Mike West
• Re: [referrer] HTTPS->HTTP Mark Nottingham
• Re: [referrer] HTTPS->HTTP Jochen Eisinger
• Re: [integrity] Different ways to associate integrity information Mike West
• Re: [referrer] HTTPS->HTTP Mike West
• Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) Mike West
• Re: [referrer] HTTPS->HTTP Brian Smith
• Re: [referrer] HTTPS->HTTP Anne van Kesteren
• Re: [referrer] HTTPS->HTTP Mark Nottingham
• Re: [referrer] HTTPS->HTTP Anne van Kesteren
• [referrer] HTTPS->HTTP Mark Nottingham
• [integrity] Different ways to associate integrity information Mark Nottingham
• Re: [integrity] content-addressable cache? Mark Nottingham

Thursday, 23 October 2014

• [webappsec] Rough and preliminary TPAC agenda for WebAppSec Brad Hill
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Ian Melven

Wednesday, 22 October 2014

• RE: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Sean Snider

Thursday, 23 October 2014

• RE: Allow dynamically inserted <script>-Tags from trustworthy Scripts Sean Snider
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Florian Weber
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• Re: [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] Is origin an authenticated origin? Mike West
• [MIX] Is origin an authenticated origin? Anne van Kesteren
• Re: [MIX] feedback Anne van Kesteren
• Re: [MIX] feedback Mark Nottingham
• Re: [MIX] feedback Mike West
• Re: [MIX] feedback Anne van Kesteren
• Re: [MIX] feedback Mike West
• Re: [MIX] feedback Anne van Kesteren
• [MIX] feedback Mark Nottingham

Wednesday, 22 October 2014

• RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) David Rogers
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Chris Palmer
• RE: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) David Rogers
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Anne van Kesteren
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Jeffrey Walton

Tuesday, 21 October 2014

• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Jim Manico
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Chris Palmer
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Ángel González
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Florian Weber
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Anne van Kesteren
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Florian Weber
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Michael[tm] Smith
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Giorgio Maone
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Mike West
• Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Devdatta Akhawe

Monday, 20 October 2014

• [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note Brad Hill
• [webappsec] Call for Consensus: CSP Level 2 to Candidate Recommendation Brad Hill
• [webappsec] Survey on WebAppSec Charter v.Next work Brad Hill
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Adrienne Porter Felt
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Mike West
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Chris Palmer
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Brad Hill
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Brad Hill
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Chris Palmer
• Re: referrer policy questions Mike West
• Re: referrer policy questions Sid Stamm
• Re: referrer policy questions Boris Zbarsky
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Brad Hill
• Re: referrer policy questions Mike West
• Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Chris Palmer
• "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT) Mike West
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Mike West
• referrer policy questions Sid Stamm
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Brad Hill
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Anne van Kesteren
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Mike West
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Anne van Kesteren
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Mike West
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Anne van Kesteren
• Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Mike West
• Re: [webappsec] Topics for Rechartering Anne van Kesteren

Sunday, 19 October 2014

• [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT Brad Hill
• [webappsec] Topics for Rechartering Brad Hill

Friday, 17 October 2014

• Re: NTP vs. HSTS =JeffH
• Re: [Credential Management]: Tiny prototype to play around with. Mike West

Thursday, 16 October 2014

• Re: NTP vs. HSTS Jose Selvi
• Re: NTP vs. HSTS Pawel Krawczyk

Friday, 17 October 2014

• Re: NTP vs. HSTS Adam Langley
• Re: NTP vs. HSTS =JeffH

Thursday, 16 October 2014

• Re: NTP vs. HSTS Adam Langley
• Re: NTP vs. HSTS Chris Palmer
• Re: [webappsec] draft new WG home page Wendy Seltzer
• Re: NTP vs. HSTS Adam Langley
• Re: NTP vs. HSTS Anne van Kesteren
• NTP vs. HSTS John Kemp
• Re: [Credential Management]: Tiny prototype to play around with. Manu Sporny
• [Credential Management]: Tiny prototype to play around with. Mike West

Tuesday, 14 October 2014

• Re: [webappsec] draft new WG home page Brad Hill
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Florian Weber
• Re: Allow dynamically inserted <script>-Tags from trustworthy Scripts Mike West
• Re: [webappsec] draft new WG home page Mike West

Monday, 13 October 2014

• Re: [webappsec] draft new WG home page Brad Hill
• [webappsec] draft new WG home page Brad Hill

Thursday, 9 October 2014

• Allow dynamically inserted <script>-Tags from trustworthy Scripts Florian Weber

Wednesday, 8 October 2014

• webappsec-ACTION-189: Evaluatescript-ancestors Web Application Security Working Group Issue Tracker
• webappsec-ACTION-188: Evaluate json-src Web Application Security Working Group Issue Tracker
• Re: [integrity] content-addressable cache? Mark Goodwin
• Agenda for WebAppSec WG teleconference Wednesday Oct 8 Daniel Veditz

Tuesday, 7 October 2014

• Re: [integrity] content-addressable cache? Mark Goodwin

Monday, 6 October 2014

• Re: [webappsec] SRI : allow multiple integrity attributes or ni:// uris? Devdatta Akhawe
• [webappsec] SRI : allow multiple integrity attributes or ni:// uris? Brad Hill
• Re: [integrity] content-addressable cache? Brad Hill
• This week's teleconference - keep it Wednesday for one more week Brad Hill
• Re: [integrity] content-addressable cache? Mark Goodwin
• Re: [integrity] content-addressable cache? Devdatta Akhawe
• Re: [integrity] content-addressable cache? Devdatta Akhawe
• Re: [integrity] content-addressable cache? Mark Goodwin
• Re: [integrity] content-addressable cache? Mark Goodwin
• Re: [integrity] content-addressable cache? Anne van Kesteren
• [integrity] content-addressable cache? Frederik Braun

Last message date: Friday, 31 October 2014 18:38:19 UTC