W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: [webappsec] Concluding the Last Call period for CSP Level 2

From: Mike West <mkwst@google.com>
Date: Mon, 1 Sep 2014 16:48:18 +0200
Message-ID: <CAKXHy=eVcDZWJ9-15Uf3AaDpURRUHvxshHSC_z2GvxCwZM4RCQ@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Thanks all. Apologies; I was on vacation last week, on a warm beach and
mostly internet free. Obviously, the call completely slipped my mind. :(

I'll spin up a CR-draft of the document later this week once folks come
back from labor day vacation and review the changes I've made in response
to some of the questions raised on this and other threads.

Thanks!

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)


On Wed, Aug 27, 2014 at 9:34 PM, Brad Hill <hillbrad@gmail.com> wrote:

> We revisited closing Last Call for CSP Level 2 today on the call, but
> it was right at the end of the meeting, a number of participants had
> to drop early, and the group had a bit of decision fatigue, so though
> there were no objections, assent was also less than vigorous.
>
> Therefore we resolved to close LC pending the following:
>
> 1) That the client hint (CH-CSP) and child-src features be marked as AT
> RISK.
> 2) Clarification that path components are ignored for frame-ancestors
> enforcement
> 3) That there are no further objections on the list.
>
> Regarding #3, if you are reading this object to closing the LC period
> for Level 2, please reply before 23:59 PDT, 27-Aug-2014 (midnight
> tonight, Pacific) stating your objection.
>
> If no further objections are voiced, Last Call be considered closed at
> that time.
>
> thank you,
>
> Brad Hill
>
>
Received on Monday, 1 September 2014 14:49:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC