Re: IETF seeking feedback on proposed "Token Binding" Working Group

On Wed, Feb 11, 2015 at 1:10 PM, Arthur Barstow <art.barstow@gmail.com> wrote:
> WebApps - please note the draft spec includes a new XHR property
> "withRefererTokenBindingID"
> <https://tools.ietf.org/html/draft-balfanz-https-token-binding-00#section-3.4>.
>
> If anyone has feedback about the proposal, please send it to the
> unbearable @ ietf.org list. However, comments related to the XHR aspect
> should be Cc/Bcc to public-webapps.

Relatively recently we decided not to extend XMLHttpRequest further
and prioritize fetch().

Can we expect a more concrete proposal to revise either or is this it?

One problem with this proposal is that it does not use the Sec-*
convention for headers so the header can be spoofed...


-- 
https://annevankesteren.nl/

Received on Wednesday, 11 February 2015 12:19:38 UTC