RE: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) from Crispin Cowan on 2015-02-09 (public-webappsec@w3.org from February 2015)

From: Crispin Cowan <crispin@microsoft.com>
Date: Mon, 9 Feb 2015 19:37:24 +0000
To: Jim Manico <jim.manico@owasp.org>, Brad Hill <hillbrad@gmail.com>
CC: Mike West <mkwst@google.com>, Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <BN3PR0301MB1220E0C3CE5DABBC032C7CF8BD270@BN3PR0301MB1220.namprd03.prod.outlook.>

To be clear, are you saying that there is a need for secure placement? Or that there is actually a need for multiple competing versions of secure placement?

-----Original Message-----
From: Jim Manico [mailto:jim.manico@owasp.org] 
Sent: Monday, February 9, 2015 11:32 AM
To: Brad Hill
Cc: Mike West; Brian Smith; public-webappsec@w3.org
Subject: Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces)

> I don't think there is a realistic opportunity to create a market for 
> N different and incompatible flavors of "secure" placement

With respect, this is a core need from advertisers which heavily funds the free web. If this is not addressed, advertisers will try to circumvent standards and go for the holes. I'd rather see a more verbose standard that addresses this need so they stay "in the fold".

Feeling dirty.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 9, 2015, at 8:23 PM, Brad Hill <hillbrad@gmail.com> wrote:
>
> I don't think there is a realistic opportunity to create a market for 
> N different and incompatible flavors of "secure" placement

Received on Monday, 9 February 2015 19:37:52 UTC