Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) from Oda, Terri on 2015-02-04 (public-webappsec@w3.org from February 2015)

From: Oda, Terri <terri.oda@intel.com>
Date: Tue, 3 Feb 2015 18:01:00 -0800
To: Mike West <mkwst@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACoC0R_iqJ5-FNRSFbyj3W5jJ9wkPReuUJyXDshQQutMkGxFqw@mail.gmail.com>

On Wed, Jan 21, 2015 at 5:23 AM, Mike West <mkwst@google.com> wrote:
>
> Any strong objections to changing the algorithm to always return "does not
> match" when presented with an IP address?
>

I don't know that I'd say *strong* objections, but I find it a hard to
believe that this wouldn't eventually conflict with some internet of things
plans.  Or rather, with some "uh oh" IoT security issue mitigation plans in
the future...

Received on Wednesday, 4 February 2015 02:01:30 UTC