Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

On Thu, Feb 5, 2015 at 12:15 AM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 4 February 2015 at 21:24, Mike West <mkwst@google.com> wrote:
> > My justification for allowing IPv4 is not IoT in itself, but the fact
> that
> > IPv4 is being used today, by the
> > internet-of-things-that-happen-to-be-webservers-in-datacenters.
>
> Can you explain how those iotthtbwid devices might benefit from CSP?
> I don't want to be obtuse, but I'm not seeing a case there.
>

I'm just thinking of normal websites that load data from servers via IP
addresses rather than named hosts. I don't think that's something we
particularly want to encourage, but neither is it something that I'd be
surprised to see substantial numbers of sites doing today.

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Thursday, 5 February 2015 07:30:33 UTC