W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces)

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 9 Feb 2015 22:03:07 +0100
Message-ID: <8520913488871112643@unknownmsgid>
To: Crispin Cowan <crispin@microsoft.com>
Cc: Brad Hill <hillbrad@gmail.com>, Mike West <mkwst@google.com>, Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
I think there will need to be one standard for secure placement with
multiple configurable options like CSP.

--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 9, 2015, at 8:37 PM, Crispin Cowan <crispin@microsoft.com> wrote:
>
> To be clear, are you saying that there is a need for secure placement? Or that there is actually a need for multiple competing versions of secure placement?
>
> -----Original Message-----
> From: Jim Manico [mailto:jim.manico@owasp.org]
> Sent: Monday, February 9, 2015 11:32 AM
> To: Brad Hill
> Cc: Mike West; Brian Smith; public-webappsec@w3.org
> Subject: Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces)
>
>> I don't think there is a realistic opportunity to create a market for
>> N different and incompatible flavors of "secure" placement
>
> With respect, this is a core need from advertisers which heavily funds the free web. If this is not addressed, advertisers will try to circumvent standards and go for the holes. I'd rather see a more verbose standard that addresses this need so they stay "in the fold".
>
> Feeling dirty.
>
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
>> On Feb 9, 2015, at 8:23 PM, Brad Hill <hillbrad@gmail.com> wrote:
>>
>> I don't think there is a realistic opportunity to create a market for
>> N different and incompatible flavors of "secure" placement
>
Received on Monday, 9 February 2015 21:03:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC