On Mon, Feb 2, 2015 at 11:05 AM, Mike West <mkwst@google.com> wrote:

> This is a call for consensus to publish the following draft of "CSP
> Pinning" as a First Public Working Draft:
>
> https://w3c.github.io/webappsec/specs/csp-pinning/published/2015-02-FPWD.html
>
> This document defines a new HTTP header that allows authors to instruct
> user agents to remember ("pin") and enforce a Content Security Policy for a
> set of hosts for a period of time.
>
> There's still work to be done, but I believe the document clearly falls
> under the group's charter, and is ready for initial publication. Do you
> agree? Please send any and all comments to public-webappsec@w3.org. This
> CfC will end with our next call, on February 9th, 2015.
>

No news is good news, right?

Given the conversation on the other threads, I'd say that folks are generally positive about this kind of mechanism (Brad in particular claimed that Facebook would find it useful), and that Brian is skeptical of both the mechanic and the value proposition.

I've updated the draft at https://w3c.github.io/webappsec/specs/csp-pinning/published/2015-02-FPWD.html.

Wendy, Brad, Dan, WDYT about proceeding with a publication request? I think it's worthwhile, but it's not clear whether silence on the list represents consensus or paralysis. :)

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Tuesday, 10 February 2015 09:37:09 UTC