Hi Anne, This is part of a starting point proposal for the new working group; we expect the documents to change. It's a great time to suggest revisions; please feel free to suggest your text. I've put the initial I-Ds on github for easier editing: https://github.com/TokenBinding/Internet-Drafts Cheers, Andrei -----Original Message----- From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of Anne van Kesteren Sent: Wednesday, February 11, 2015 4:19 AM To: Arthur Barstow Cc: public-webapps; unbearable@ietf.org; WebAppSec WG Subject: Re: [Unbearable] IETF seeking feedback on proposed "Token Binding" Working Group On Wed, Feb 11, 2015 at 1:10 PM, Arthur Barstow <art.barstow@gmail.com> wrote: > WebApps - please note the draft spec includes a new XHR property > "withRefererTokenBindingID" > <https://tools.ietf.org/html/draft-balfanz-https-token-binding-00#section-3.4>. > > If anyone has feedback about the proposal, please send it to the > unbearable @ ietf.org list. However, comments related to the XHR > aspect should be Cc/Bcc to public-webapps. Relatively recently we decided not to extend XMLHttpRequest further and prioritize fetch(). Can we expect a more concrete proposal to revise either or is this it? One problem with this proposal is that it does not use the Sec-* convention for headers so the header can be spoofed... -- https://annevankesteren.nl/ _______________________________________________ Unbearable mailing list Unbearable@ietf.org https://www.ietf.org/mailman/listinfo/unbearableReceived on Thursday, 12 February 2015 17:40:54 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC