
Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th

From: Deian Stefan <deian@cs.stanford.edu>
Date: Mon, 16 Feb 2015 10:38:22 -0800
To: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Brian Smith <brian@briansmith.org>
Message-ID: <87y4nxr9b5.fsf@cs.stanford.edu>

Hey Mike,

Mike West <mkwst@google.com> writes:

> Let's extend this CfC to next week's call as well. The only actionable
> feedback has been Brian's questions around whether this is something
> we should be focusing on[1]. I hope I've responded to that adequately,
> but delaying publication until there's more positive response seems
> prudent.
>
> In the meantime, I've updated
> https://w3c.github.io/webappsec/specs/csp-pinning/published/2015-02-FPWD.html
> a bit. Feedback welcome. :)
>
> [1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0223.html
> [2]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0246.html

I share Brian's other 2 concerns:

- Pinning directives that are not purely restrictive. Are you open to excluding them for now?

- Is there a reason to not limit pinning to the ServiceWorker path?

Thanks,
Deian
Received on Monday, 16 February 2015 18:38:49 UTC
