- From: Deian Stefan <deian@cs.stanford.edu>
- Date: Mon, 16 Feb 2015 10:38:22 -0800
- To: Mike West <mkwst@google.com>, "public-webappsec\@w3.org" <public-webappsec@w3.org>
- Cc: Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Brian Smith <brian@briansmith.org>
Hey Mike, Mike West <mkwst@google.com> writes: > Let's extend this CfC to next week's call as well. The only actionable > feedback has been Brian's questions around whether this is something > we should be focusing on[1]. I hope I've responded to that adequately, > but delaying publication until there's more positive response seems > prudent. > > In the meantime, I've updated > https://w3c.github.io/webappsec/specs/csp-pinning/published/2015-02-FPWD.html > a bit. Feedback welcome. :) > > [1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0223.html > [2]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0246.html I share Brian's other 2 concerns: - Pinning directives that are not purely restrictive. Are you open to excluding them for now? - Is there a reason to not limiting pinning to ServiceWork path? Thanks, Deian
Received on Monday, 16 February 2015 18:38:49 UTC