public-webappsec@w3.org from September 2014 by author

=JeffH

• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)

Anne van Kesteren

• Re: Redirects and HSTS (Saturday, 27 September)
• Re: Redirects and HSTS (Saturday, 27 September)
• Re: Redirects and HSTS (Saturday, 27 September)
• Re: Redirects and HSTS (Saturday, 27 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Redirects and HSTS (Friday, 26 September)
• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 26 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Sunday, 21 September)
• Re: CSP: Minimum cipher strength (Monday, 15 September)
• Re: XMLHttpRequest. Support for "OPTIONS *" method. (Friday, 5 September)
• Re: XMLHttpRequest. Support for "OPTIONS *" method. (Friday, 5 September)
• Re: CSP Level 2 last call comment (Wednesday, 3 September)
• Re: Defining secure-enough origins. (Wednesday, 3 September)
• Re: [CSP] may we have script-ancestors to protect JSONP call (Monday, 1 September)
• Re: [CSP] kill or delay child-src? (Monday, 1 September)
• Re: CSP for WebRTC (Monday, 1 September)

Arjan Veenstra

• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Monday, 22 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Monday, 22 September)
• [Integrity] Some comments on Cross-Origin leakage and content types (Saturday, 20 September)

Austin William Wright

• Re: CSP: Minimum cipher strength (Monday, 15 September)

Boris Zbarsky

• Re: XMLHttpRequest. Support for "OPTIONS *" method. (Friday, 5 September)
• Re: CSP Level 2 last call comment (Wednesday, 3 September)

Brad Hill

• [webappsec] Changing my organizational hats (Friday, 26 September)
• [webappsec] tomorrow's call CANCELLED (Wednesday, 24 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Tuesday, 23 September)
• Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation (Saturday, 20 September)
• [webappsec] Re-chartering discussions at TPAC (Wednesday, 17 September)
• RE: [MIX] Feedback on the private origin & self-signed certificate requirements (Wednesday, 17 September)
• Re: CfC: Publish a new WD of MIX. (Wednesday, 10 September)
• [webappsec] Agenda: WebAppSec WG Teleconference 10-September-2014 08:00 PDT (Tuesday, 9 September)
• Re: CSP Level 2 last call comment (Tuesday, 2 September)
• Re: CSP Level 2 last call comment (Tuesday, 2 September)

Chen, Zhigao

• RE: [MIX] Feedback on the private origin & self-signed certificate requirements (Wednesday, 17 September)
• [MIX] Feedback on the private origin & self-signed certificate requirements (Sunday, 14 September)
• RE: [MIX] Feedback on the private origin & self-signed certificate requirements (Monday, 15 September)

Chris Palmer

• Re: Redirects and HSTS (Friday, 26 September)
• Re: Defining secure-enough origins. (Tuesday, 2 September)
• Re: Defining secure-enough origins. (Tuesday, 2 September)

Daniel Kahn Gillmor

• Re: Redirects and HSTS (Monday, 29 September)
• Re: CSP: Minimum cipher strength (Wednesday, 10 September)

Daniel Veditz

• Re: Redirects and HSTS (Saturday, 27 September)

Devdatta Akhawe

• Re: Feature-detecting a Content Security Policy (Saturday, 27 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Thursday, 25 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Tuesday, 23 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Monday, 22 September)
• Re: [MIX] Feedback on the private origin & self-signed certificate requirements (Wednesday, 17 September)
• Re: [CSP] compatibility between CSP1.1 and CSP2 (Friday, 12 September)
• Re: CSP Level 2 last call comment (Monday, 1 September)

Eduardo Robles Elvira

• Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation (Saturday, 20 September)
• Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation (Saturday, 20 September)
• Proposal: not-a-scheme digest URI scheme, with graceful degradation (Saturday, 20 September)

Erlend Oftedal

• CSP: Minimum cipher strength (Monday, 8 September)

Frederik Braun

• Re: CSP: Minimum cipher strength (Wednesday, 10 September)
• Re: CSP: Minimum cipher strength (Tuesday, 9 September)
• Re: [CSP] Regarding style-src unsafe-eval and CSSOM (Monday, 1 September)

Harry Halpin

• Re: Verified Javascript for WebAppSec re-chartering? (Wednesday, 24 September)
• Fwd: Verified Javascript for WebAppSec re-chartering? (Wednesday, 24 September)

Hatter Jiang

• Re: [CSP] compatibility between CSP1.1 and CSP2 (Saturday, 13 September)

Hatter Jiang OWS

• [CSP] compatibility between CSP1.1 and CSP2 (Friday, 12 September)

Hill, Brad

• Re: Subresource integrity in Chromium (Wednesday, 24 September)
• Review request for a few WebAppSec specs. (Tuesday, 16 September)
• Re: [MIX] Feedback on the private origin & self-signed certificate requirements (Tuesday, 16 September)
• [webappsec] Poll: new teleconference time (Monday, 15 September)
• Re: CSP: Minimum cipher strength (Monday, 15 September)
• Re: [MIX] Feedback on the private origin & self-signed certificate requirements (Monday, 15 September)
• Re: CSP reports on eval() and inline (Thursday, 4 September)
• RE: CSP reports on eval() and inline (Thursday, 4 September)

Ilya Grigorik

• Re: Subresource integrity in Chromium (Wednesday, 24 September)
• Re: Subresource integrity in Chromium (Wednesday, 24 September)
• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Tuesday, 23 September)

Jeffrey Walton

• Re: CSP: Minimum cipher strength (Monday, 8 September)

Jeffrey Yasskin

• Re: HTML Imports vs unsafe-inline (Thursday, 11 September)
• HTML Imports vs unsafe-inline (Thursday, 11 September)

Jim Manico

• Re: Feature-detecting a Content Security Policy (Saturday, 27 September)
• Re: CSP: Minimum cipher strength (Sunday, 14 September)

Joel Weinberger

• Subresource integrity in Chromium (Tuesday, 23 September)

John Yeuk Hon Wong

• Re: CSP: Minimum cipher strength (Tuesday, 9 September)

Julian Reschke

• Re: Proposal: not-a-scheme digest URI scheme, with graceful degradation (Saturday, 20 September)
• [Integrity] hash in HTTP header field (Tuesday, 16 September)
• Re: XMLHttpRequest. Support for "OPTIONS *" method. (Friday, 5 September)
• Re: SRI: <a> vs integrity (Thursday, 4 September)

Kevin Hill

• RE: CfC: Publish a new WD of MIX. (Wednesday, 10 September)
• [CSP] why we do it! (Monday, 8 September)

Marijn Haverbeke

• Re: Feature-detecting a Content Security Policy (Sunday, 28 September)
• Feature-detecting a Content Security Policy (Friday, 26 September)

Mark Nottingham

• Re: XMLHttpRequest. Support for "OPTIONS *" method. (Friday, 5 September)

Mark Watson

• Re: Proposal: Prefer secure origins for powerful new web platform features (Friday, 26 September)

Martin Thomson

• Re: CSP for WebRTC (Saturday, 6 September)
• Re: CSP for WebRTC (Tuesday, 2 September)

Mike West

• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Subresource integrity in Chromium (Wednesday, 24 September)
• Re: Subresource integrity in Chromium (Wednesday, 24 September)
• Looking for a home for a proposed Credential Management API. (Wednesday, 24 September)
• Re: [MIX] Feedback on the private origin & self-signed certificate requirements (Tuesday, 16 September)
• Re: [MIX] Feedback on the private origin & self-signed certificate requirements (Sunday, 14 September)
• Review request for a few WebAppSec specs. (Friday, 12 September)
• Re: HTML Imports vs unsafe-inline (Thursday, 11 September)
• Re: HTML Imports vs unsafe-inline (Thursday, 11 September)
• Re: CSP: Minimum cipher strength (Wednesday, 10 September)
• Re: CSP reports on eval() and inline (Thursday, 4 September)
• CfC: Publish a new WD of MIX. (Wednesday, 3 September)
• Re: [webappsec] Concluding the Last Call period for CSP Level 2 (Wednesday, 3 September)
• Re: CSP for WebRTC (Wednesday, 3 September)
• Re: CSP Level 2 last call comment (Wednesday, 3 September)
• Re: [CSP] Regarding style-src unsafe-eval and CSSOM (Wednesday, 3 September)
• Re: CSP Level 2 last call comment (Wednesday, 3 September)
• Re: [webappsec] Concluding the Last Call period for CSP Level 2 (Monday, 1 September)
• Re: [CSP] Compatibility with 1.1 or 1.0 (Monday, 1 September)
• Re: [CSP] kill or delay child-src? (Monday, 1 September)
• Re: CSP Level 2 last call comment (Monday, 1 September)
• Re: ISSUE-65: Does "no referrer" specify a state or is it a token? is a token with a space problematic? (Monday, 1 September)

Neil Matatall

• Re: CSP reports on eval() and inline (Tuesday, 16 September)
• Re: CSP reports on eval() and inline (Thursday, 4 September)
• Re: CSP reports on eval() and inline (Thursday, 4 September)
• Re: CSP reports on eval() and inline (Thursday, 4 September)

Pawel Krawczyk

• Re: CSP reports on eval() and inline (Thursday, 4 September)
• CSP reports on eval() and inline (Wednesday, 3 September)

Pete Freitag

• Re: CSP reports on eval() and inline (Friday, 5 September)

Ryan Sleevi

• Re: Redirects and HSTS (Saturday, 27 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: CSP: Minimum cipher strength (Wednesday, 10 September)

Tanvi Vyas

• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)
• Re: Redirects and HSTS (Friday, 26 September)

Tom Ritter

• Re: CSP: Minimum cipher strength (Sunday, 14 September)

Web Application Security Working Group Issue Tracker

• webappsec-ISSUE-67: WebRTC via 'connect-src'? (Wednesday, 3 September)

Ángel González

• Re: [Integrity] Some comments on Cross-Origin leakage and content types (Thursday, 25 September)
• [Integrity] Some comments on Subresource Integrity draft (Monday, 15 September)
• Re: CSP: Minimum cipher strength (Monday, 8 September)

Last message date: Monday, 29 September 2014 14:01:40 UTC