W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

From: Oda, Terri <terri.oda@intel.com>
Date: Tue, 3 Feb 2015 18:01:00 -0800
Message-ID: <CACoC0R_iqJ5-FNRSFbyj3W5jJ9wkPReuUJyXDshQQutMkGxFqw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Jan 21, 2015 at 5:23 AM, Mike West <mkwst@google.com> wrote:
> Any strong objections to changing the algorithm to always return "does not
> match" when presented with an IP address?

I don't know that I'd say *strong* objections, but I find it a hard to
believe that this wouldn't eventually conflict with some internet of things
plans.  Or rather, with some "uh oh" IoT security issue mitigation plans in
the future...
Received on Wednesday, 4 February 2015 02:01:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC