public-webappsec@w3.org from September 2014 by date

Monday, 29 September 2014

Re: Redirects and HSTS Daniel Kahn Gillmor

Sunday, 28 September 2014

Re: Feature-detecting a Content Security Policy Marijn Haverbeke

Saturday, 27 September 2014

Re: Feature-detecting a Content Security Policy Devdatta Akhawe
Re: Feature-detecting a Content Security Policy Jim Manico
Re: Redirects and HSTS Anne van Kesteren

Friday, 26 September 2014

Feature-detecting a Content Security Policy Marijn Haverbeke

Saturday, 27 September 2014

Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Ryan Sleevi
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Daniel Veditz

Friday, 26 September 2014

Re: Redirects and HSTS =JeffH
Re: Redirects and HSTS Ryan Sleevi
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS =JeffH
Re: Redirects and HSTS Tanvi Vyas
Re: Redirects and HSTS Tanvi Vyas
[webappsec] Changing my organizational hats Brad Hill
Re: Redirects and HSTS Ryan Sleevi
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Chris Palmer
Re: Redirects and HSTS Tanvi Vyas
Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson
Re: Redirects and HSTS Mike West
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Mike West
Re: Redirects and HSTS Anne van Kesteren
Re: Redirects and HSTS Mike West
Redirects and HSTS Anne van Kesteren
Re: Proposal: Prefer secure origins for powerful new web platform features Anne van Kesteren

Thursday, 25 September 2014

Re: [Integrity] Some comments on Cross-Origin leakage and content types Devdatta Akhawe
Re: [Integrity] Some comments on Cross-Origin leakage and content types Ángel González

Wednesday, 24 September 2014

Re: Subresource integrity in Chromium Ilya Grigorik
Re: Subresource integrity in Chromium Ilya Grigorik
Re: Subresource integrity in Chromium Mike West
Re: Verified Javascript for WebAppSec re-chartering? Harry Halpin
Re: Subresource integrity in Chromium Mike West
Looking for a home for a proposed Credential Management API. Mike West
Fwd: Verified Javascript for WebAppSec re-chartering? Harry Halpin
[webappsec] tomorrow's call CANCELLED Brad Hill
Re: Subresource integrity in Chromium Hill, Brad

Tuesday, 23 September 2014

Re: [Integrity] Some comments on Cross-Origin leakage and content types Ilya Grigorik
Subresource integrity in Chromium Joel Weinberger
Re: [Integrity] Some comments on Cross-Origin leakage and content types Devdatta Akhawe
Re: [Integrity] Some comments on Cross-Origin leakage and content types Brad Hill

Monday, 22 September 2014

Re: [Integrity] Some comments on Cross-Origin leakage and content types Arjan Veenstra
Re: [Integrity] Some comments on Cross-Origin leakage and content types Arjan Veenstra
Re: [Integrity] Some comments on Cross-Origin leakage and content types Devdatta Akhawe

Sunday, 21 September 2014

Re: [Integrity] Some comments on Cross-Origin leakage and content types Anne van Kesteren

Saturday, 20 September 2014

[Integrity] Some comments on Cross-Origin leakage and content types Arjan Veenstra
Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation Eduardo Robles Elvira
Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation Brad Hill
Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation Eduardo Robles Elvira
Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation Julian Reschke
Proposal: not-a-scheme digest URI scheme, with graceful degradation Eduardo Robles Elvira

Wednesday, 17 September 2014

[webappsec] Re-chartering discussions at TPAC Brad Hill
Re: [MIX] Feedback on the private origin & self-signed certificate requirements Devdatta Akhawe
RE: [MIX] Feedback on the private origin & self-signed certificate requirements Brad Hill
RE: [MIX] Feedback on the private origin & self-signed certificate requirements Chen, Zhigao

Tuesday, 16 September 2014

Review request for a few WebAppSec specs. Hill, Brad
Re: [MIX] Feedback on the private origin & self-signed certificate requirements Hill, Brad
Re: [MIX] Feedback on the private origin & self-signed certificate requirements Mike West
[Integrity] hash in HTTP header field Julian Reschke
Re: CSP reports on eval() and inline Neil Matatall

Monday, 15 September 2014

[Integrity] Some comments on Subresource Integrity draft Ángel González
[webappsec] Poll: new teleconference time Hill, Brad
Re: CSP: Minimum cipher strength Hill, Brad
Re: [MIX] Feedback on the private origin & self-signed certificate requirements Hill, Brad
Re: CSP: Minimum cipher strength Austin William Wright

Sunday, 14 September 2014

[MIX] Feedback on the private origin & self-signed certificate requirements Chen, Zhigao

Monday, 15 September 2014

RE: [MIX] Feedback on the private origin & self-signed certificate requirements Chen, Zhigao
Re: CSP: Minimum cipher strength Anne van Kesteren

Sunday, 14 September 2014

Re: CSP: Minimum cipher strength Jim Manico
Re: [MIX] Feedback on the private origin & self-signed certificate requirements Mike West
Re: CSP: Minimum cipher strength Tom Ritter

Saturday, 13 September 2014

Re: [CSP] compatibility between CSP1.1 and CSP2 Hatter Jiang

Friday, 12 September 2014

Re: [CSP] compatibility between CSP1.1 and CSP2 Devdatta Akhawe
[CSP] compatibility between CSP1.1 and CSP2 Hatter Jiang OWS
Review request for a few WebAppSec specs. Mike West

Thursday, 11 September 2014

Re: HTML Imports vs unsafe-inline Mike West
Re: HTML Imports vs unsafe-inline Jeffrey Yasskin
Re: HTML Imports vs unsafe-inline Mike West
HTML Imports vs unsafe-inline Jeffrey Yasskin

Wednesday, 10 September 2014

Re: CSP: Minimum cipher strength Ryan Sleevi
RE: CfC: Publish a new WD of MIX. Kevin Hill
Re: CfC: Publish a new WD of MIX. Brad Hill
Re: CSP: Minimum cipher strength Daniel Kahn Gillmor
Re: CSP: Minimum cipher strength Frederik Braun
Re: CSP: Minimum cipher strength Mike West

Tuesday, 9 September 2014

[webappsec] Agenda: WebAppSec WG Teleconference 10-September-2014 08:00 PDT Brad Hill
Re: CSP: Minimum cipher strength Frederik Braun
Re: CSP: Minimum cipher strength John Yeuk Hon Wong

Monday, 8 September 2014

Re: CSP: Minimum cipher strength Ángel González
Re: CSP: Minimum cipher strength Jeffrey Walton
CSP: Minimum cipher strength Erlend Oftedal
[CSP] why we do it! Kevin Hill

Saturday, 6 September 2014

Re: CSP for WebRTC Martin Thomson

Friday, 5 September 2014

Re: CSP reports on eval() and inline Pete Freitag
Re: XMLHttpRequest. Support for "OPTIONS *" method. Boris Zbarsky
Re: XMLHttpRequest. Support for "OPTIONS *" method. Julian Reschke
Re: XMLHttpRequest. Support for "OPTIONS *" method. Anne van Kesteren
Re: XMLHttpRequest. Support for "OPTIONS *" method. Mark Nottingham
Re: XMLHttpRequest. Support for "OPTIONS *" method. Anne van Kesteren

Thursday, 4 September 2014

Re: SRI: <a> vs integrity Julian Reschke
Re: CSP reports on eval() and inline Pawel Krawczyk
Re: CSP reports on eval() and inline Neil Matatall
Re: CSP reports on eval() and inline Hill, Brad
Re: CSP reports on eval() and inline Neil Matatall
Re: CSP reports on eval() and inline Neil Matatall
RE: CSP reports on eval() and inline Hill, Brad
Re: CSP reports on eval() and inline Mike West

Wednesday, 3 September 2014

CSP reports on eval() and inline Pawel Krawczyk
Re: CSP Level 2 last call comment Boris Zbarsky
CfC: Publish a new WD of MIX. Mike West
Re: [webappsec] Concluding the Last Call period for CSP Level 2 Mike West
Re: CSP for WebRTC Mike West
webappsec-ISSUE-67: WebRTC via 'connect-src'? Web Application Security Working Group Issue Tracker
Re: CSP Level 2 last call comment Mike West
Re: CSP Level 2 last call comment Anne van Kesteren
Re: [CSP] Regarding style-src unsafe-eval and CSSOM Mike West
Re: CSP Level 2 last call comment Mike West
Re: Defining secure-enough origins. Anne van Kesteren

Tuesday, 2 September 2014

Re: Defining secure-enough origins. Chris Palmer
Re: Defining secure-enough origins. Chris Palmer
Re: CSP Level 2 last call comment Brad Hill
Re: CSP Level 2 last call comment Brad Hill
Re: CSP for WebRTC Martin Thomson

Monday, 1 September 2014

Re: CSP Level 2 last call comment Devdatta Akhawe
Re: [webappsec] Concluding the Last Call period for CSP Level 2 Mike West
Re: [CSP] Compatibility with 1.1 or 1.0 Mike West
Re: [CSP] kill or delay child-src? Mike West
Re: CSP Level 2 last call comment Mike West
Re: ISSUE-65: Does "no referrer" specify a state or is it a token? is a token with a space problematic? Mike West
Re: [CSP] may we have script-ancestors to protect JSONP call Anne van Kesteren
Re: [CSP] kill or delay child-src? Anne van Kesteren
Re: CSP for WebRTC Anne van Kesteren
Re: [CSP] Regarding style-src unsafe-eval and CSSOM Frederik Braun

Last message date: Monday, 29 September 2014 14:01:40 UTC