Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

On Wed, Feb 4, 2015 at 10:50 AM, Martin Thomson <>

> > [...] I'm in favor of allowing IPv4 addresses, [...]
> I certainly don't see a point of building a speculative feature for
> something like IoT without IPv6 support.  Doubly so if it's not clear
> how I-o-Things will be identified in practice.

Sorry, mine was not a clearly written email. My justification for allowing
IPv4 is not IoT in itself, but the fact that IPv4 is being used today, by
the internet-of-things-that-happen-to-be-webservers-in-datacenters. It's
not clear to me that whitelisting `` covers the things that people
are already doing, and without non-anecdotal data either way, I'd suggest
erring on the side of cautiously continuing to allow the things that
implementations allow today.


Mike West <>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 4 February 2015 10:25:14 UTC