public-webappsec@w3.org from February 2015 by thread

Intent to deprecate: Insecure usage of powerful features Joel Weinberger (Thursday, 26 February)

Requiring Authenticated Origins for Geolocation API's: Status Mandyam, Giridhar (Wednesday, 25 February)

• Re: Requiring Authenticated Origins for Geolocation API's: Status Joel Weinberger (Friday, 27 February)

why does plugin-types inherit to nested browsing contexts? Emily Stark (Wednesday, 25 February)

• Re: why does plugin-types inherit to nested browsing contexts? Brad Hill (Wednesday, 25 February)
  • Re: why does plugin-types inherit to nested browsing contexts? Emily Stark (Thursday, 26 February)
    • Re: why does plugin-types inherit to nested browsing contexts? Devdatta Akhawe (Thursday, 26 February)
      • Re: why does plugin-types inherit to nested browsing contexts? Mike West (Thursday, 26 February)
        • Re: why does plugin-types inherit to nested browsing contexts? Devdatta Akhawe (Thursday, 26 February)
          • Re: why does plugin-types inherit to nested browsing contexts? Mike West (Friday, 27 February)
            • Re: why does plugin-types inherit to nested browsing contexts? Devdatta Akhawe (Friday, 27 February)

Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee (Wednesday, 25 February)

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill (Wednesday, 25 February)

draft minutes from 23-Feb teleconference available Brad Hill (Monday, 23 February)

• Re: draft minutes from 23-Feb teleconference available Brad Hill (Monday, 23 February)
  • Re: draft minutes from 23-Feb teleconference available Francois Marier (Monday, 23 February)

last charter update Brad Hill (Monday, 23 February)

webappsec-ACTION-214: Ask mozilla ac rep about the current status of their charter objections Web Application Security Working Group Issue Tracker (Monday, 23 February)

[webappsec] Teleconference Agenda, 23-Feb-2015 Brad Hill (Monday, 23 February)

[webappsec] agenda - coming soon Brad Hill (Monday, 23 February)

Private Devices and IoT (was Proposal: Marking HTTP As Non-Secure) Jeffrey Walton (Sunday, 22 February)

• Re: Private Devices and IoT (was Proposal: Marking HTTP As Non-Secure) Adam Langley (Monday, 23 February)
  • Re: Private Devices and IoT (was Proposal: Marking HTTP As Non-Secure) Jeffrey Walton (Monday, 23 February)

Fetch, MSE, and MIX Ryan Sleevi (Friday, 20 February)

• Re: Fetch, MSE, and MIX Aaron Colwell (Friday, 20 February)
  • Re: Fetch, MSE, and MIX Brad Hill (Friday, 20 February)
• Re: Fetch, MSE, and MIX Brian Smith (Friday, 20 February)
  • Re: Fetch, MSE, and MIX Ryan Sleevi (Friday, 20 February)
    • Re: Fetch, MSE, and MIX Brian Smith (Wednesday, 25 February)
      • Re: Fetch, MSE, and MIX Ryan Sleevi (Wednesday, 25 February)

CORS explained simply henry.story@bblfish.net (Thursday, 19 February)

• Re: CORS explained simply Brad Hill (Thursday, 19 February)
  • Re: CORS explained simply chaals@yandex-team.ru (Friday, 20 February)
    • Re: CORS explained simply Anne van Kesteren (Friday, 20 February)
      • Re: CORS explained simply Odin Hørthe Omdal (Friday, 20 February)
    • Re: CORS explained simply Brad Hill (Friday, 20 February)
• Re: CORS explained simply Anne van Kesteren (Friday, 20 February)

CORS performance proposal Anne van Kesteren (Thursday, 19 February)

• Re: CORS performance proposal Dale Harvey (Thursday, 19 February)
• Re: CORS performance proposal Jonas Sicking (Thursday, 19 February)
  • Re: CORS performance proposal Anne van Kesteren (Friday, 20 February)
    • Re: CORS performance proposal Jonas Sicking (Friday, 20 February)
      • Re: CORS performance proposal Anne van Kesteren (Saturday, 21 February)
        • Re: CORS performance proposal Martin Thomson (Saturday, 21 February)
          • Re: CORS performance proposal Anne van Kesteren (Sunday, 22 February)
            • Re: CORS performance proposal Jonas Sicking (Monday, 23 February)
        • Re: CORS performance proposal Jonas Sicking (Monday, 23 February)
• Re: CORS performance proposal Martin Thomson (Thursday, 19 February)
  • Re: CORS performance proposal Bjoern Hoehrmann (Thursday, 19 February)
    • Re: CORS performance proposal Martin Thomson (Friday, 20 February)
      • Re: CORS performance proposal Bjoern Hoehrmann (Friday, 20 February)
• Re: CORS performance proposal Brian Smith (Thursday, 19 February)

BIKESHED: Rename "Powerful features"? Mike West (Wednesday, 18 February)

• Re: BIKESHED: Rename "Powerful features"? Mark Watson (Wednesday, 18 February)
  • Re: BIKESHED: Rename "Powerful features"? Michal Zalewski (Wednesday, 18 February)
  • Re: BIKESHED: Rename "Powerful features"? Mike West (Wednesday, 18 February)
    • Re: BIKESHED: Rename "Powerful features"? Eduardo' Vela\ (Wednesday, 18 February)
    • Re: BIKESHED: Rename "Powerful features"? Mark Watson (Wednesday, 18 February)
    • RE: BIKESHED: Rename "Powerful features"? Crispin Cowan (Wednesday, 18 February)
      • Re: BIKESHED: Rename "Powerful features"? Mark Watson (Wednesday, 18 February)
        • RE: BIKESHED: Rename "Powerful features"? Crispin Cowan (Wednesday, 18 February)
          • Re: BIKESHED: Rename "Powerful features"? Alex Russell (Thursday, 19 February)
            • Re: BIKESHED: Rename "Powerful features"? Oda, Terri (Saturday, 21 February)
            • Re: BIKESHED: Rename "Powerful features"? Mike West (Monday, 23 February)
            • Re: BIKESHED: Rename "Powerful features"? Jeffrey Yasskin (Monday, 23 February)
            • Re: BIKESHED: Rename "Powerful features"? Jeffrey Yasskin (Monday, 23 February)
            • Re: BIKESHED: Rename "Powerful features"? Mike West (Monday, 23 February)
            • RE: BIKESHED: Rename "Powerful features"? Crispin Cowan (Monday, 23 February)
            • Re: BIKESHED: Rename "Powerful features"? Yan Zhu (Monday, 23 February)
            • Re: BIKESHED: Rename "Powerful features"? Jeffrey Yasskin (Tuesday, 24 February)
• Re: BIKESHED: Rename "Powerful features"? Yan Zhu (Wednesday, 18 February)
  • Re: BIKESHED: Rename "Powerful features"? Jeffrey Yasskin (Wednesday, 18 February)

CORS performance Anne van Kesteren (Tuesday, 17 February)

• Re: CORS performance Bjoern Hoehrmann (Tuesday, 17 February)
  • Re: CORS performance Anne van Kesteren (Tuesday, 17 February)
    • Re: CORS performance Devdatta Akhawe (Tuesday, 17 February)
    • Re: CORS performance Bjoern Hoehrmann (Tuesday, 17 February)
      • Re: CORS performance Eric Mill (Wednesday, 18 February)
      • Re: CORS performance Mike West (Thursday, 19 February)
• Re: CORS performance Brad Hill (Tuesday, 17 February)
  • Re: CORS performance Martin Thomson (Thursday, 19 February)
    • Re: CORS performance henry.story@bblfish.net (Thursday, 19 February)
  • Re: CORS performance Henri Sivonen (Monday, 23 February)
    • Re: CORS performance Jonas Sicking (Monday, 23 February)
      • Re: CORS performance Anne van Kesteren (Monday, 23 February)
        • Re: CORS performance Jonas Sicking (Monday, 23 February)
          • Re: CORS performance Anne van Kesteren (Tuesday, 24 February)
            • Re: CORS performance Jonas Sicking (Tuesday, 24 February)
            • Re: CORS performance Anne van Kesteren (Wednesday, 25 February)
• Re: CORS performance Brian Smith (Thursday, 19 February)
  • Re: CORS performance Anne van Kesteren (Thursday, 19 February)
    • Re: CORS performance Anne van Kesteren (Thursday, 19 February)
    • Re: CORS performance Brian Smith (Thursday, 19 February)
      • Re: CORS performance Dale Harvey (Thursday, 19 February)
        • Re: CORS performance Anne van Kesteren (Thursday, 19 February)
          • Re: CORS performance James M Snell (Thursday, 19 February)
          • Re: CORS performance Jonas Sicking (Thursday, 19 February)
        • Re: CORS performance Brian Smith (Thursday, 19 February)
          • Re: CORS performance Dale Harvey (Thursday, 19 February)
            • Re: CORS performance Brian Smith (Thursday, 19 February)
            • Re: CORS performance Dale Harvey (Thursday, 19 February)
            • Re: CORS performance Brian Smith (Thursday, 19 February)
            • Re: CORS performance Dale Harvey (Thursday, 19 February)
            • Re: CORS performance Dale Harvey (Thursday, 19 February)
            • Re: CORS performance Brian Smith (Thursday, 19 February)
            • Re: CORS performance Jonas Sicking (Thursday, 19 February)
            • Re: CORS performance Brad Hill (Thursday, 19 February)
            • Re: CORS performance Jonas Sicking (Thursday, 19 February)
            • Re: CORS performance Bjoern Hoehrmann (Thursday, 19 February)

Re: Service Workers and MIX (was Re: MIX: Exiting last call?) Brian Smith (Tuesday, 17 February)

• Re: Service Workers and MIX (was Re: MIX: Exiting last call?) Mike West (Wednesday, 18 February)

Follow-up to TAG meeting on Powerful Features Wendy Seltzer (Monday, 16 February)

• Re: Follow-up to TAG meeting on Powerful Features Daniel Appelquist (Tuesday, 17 February)
  • Re: Follow-up to TAG meeting on Powerful Features Brad Hill (Tuesday, 17 February)
    • Re: Follow-up to TAG meeting on Powerful Features Yan Zhu (Tuesday, 17 February)
      • Re: Follow-up to TAG meeting on Powerful Features Wendy Seltzer (Wednesday, 18 February)
        • Re: Follow-up to TAG meeting on Powerful Features Mike West (Wednesday, 18 February)
          • Re: Follow-up to TAG meeting on Powerful Features Brad Hill (Wednesday, 18 February)
• Re: Follow-up to TAG meeting on Powerful Features Mark Watson (Tuesday, 17 February)
  • RE: Follow-up to TAG meeting on Powerful Features Crispin Cowan (Tuesday, 17 February)

CfC: Transition Mixed Content to CR; deadline Feb 23rd. Mike West (Monday, 16 February)

• Re: CfC: Transition Mixed Content to CR; deadline Feb 23rd. Brian Smith (Tuesday, 17 February)
  • Re: CfC: Transition Mixed Content to CR; deadline Feb 23rd. Mike West (Wednesday, 18 February)

Signed CSP Scott Arciszewski (Sunday, 15 February)

• RE: Signed CSP Crispin Cowan (Sunday, 15 February)
  • Re: Signed CSP Scott Arciszewski (Sunday, 15 February)
    • RE: Signed CSP Crispin Cowan (Sunday, 15 February)
      • Re: Signed CSP Scott Arciszewski (Sunday, 15 February)
        • RE: Signed CSP Crispin Cowan (Monday, 16 February)
          • Re: Signed CSP Scott Arciszewski (Monday, 16 February)
            • Re: Signed CSP Scott Arciszewski (Monday, 16 February)
            • Re: Signed CSP Michal Zalewski (Monday, 16 February)
            • Re: Signed CSP Scott Arciszewski (Monday, 16 February)
            • RE: Signed CSP Crispin Cowan (Monday, 16 February)
            • Re: Signed CSP Yan Zhu (Tuesday, 17 February)

RfC: Manifest for web application; review deadline March 5 Arthur Barstow (Friday, 13 February)

Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Brian Smith (Thursday, 12 February)

• Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) David Ross (Thursday, 12 February)
  • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Eduardo' Vela\ (Friday, 13 February)
    • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Brian Smith (Wednesday, 25 February)
      • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Eduardo' Vela\ (Wednesday, 25 February)
        • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) David Ross (Thursday, 26 February)
          • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Brian Smith (Thursday, 26 February)
            • Re: Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status) Eduardo' Vela\ (Thursday, 26 February)

[Referrer] Adding a referrer attribute delivery mechanism Francois Marier (Thursday, 12 February)

• Re: [Referrer] Adding a referrer attribute delivery mechanism Jim Manico (Thursday, 12 February)
• Re: [Referrer] Adding a referrer attribute delivery mechanism Brian Smith (Thursday, 12 February)
  • Re: [Referrer] Adding a referrer attribute delivery mechanism Martin Thomson (Thursday, 12 February)
    • Re: [Referrer] Adding a referrer attribute delivery mechanism Brian Smith (Thursday, 12 February)
      • Re: [Referrer] Adding a referrer attribute delivery mechanism Martin Thomson (Thursday, 12 February)
        • Re: [Referrer] Adding a referrer attribute delivery mechanism Anne van Kesteren (Thursday, 12 February)
          • Re: [Referrer] Adding a referrer attribute delivery mechanism Mike West (Thursday, 12 February)
            • Re: [Referrer] Adding a referrer attribute delivery mechanism Anne van Kesteren (Thursday, 12 February)
        • Re: [Referrer] Adding a referrer attribute delivery mechanism Brian Smith (Friday, 13 February)
  • Re: [Referrer] Adding a referrer attribute delivery mechanism Mike West (Thursday, 12 February)
    • Re: [Referrer] Adding a referrer attribute delivery mechanism Anne van Kesteren (Thursday, 12 February)
      • Re: [Referrer] Adding a referrer attribute delivery mechanism Mike West (Thursday, 12 February)
        • Re: [Referrer] Adding a referrer attribute delivery mechanism Devdatta Akhawe (Friday, 13 February)
          • Re: [Referrer] Adding a referrer attribute delivery mechanism Francois Marier (Friday, 13 February)
            • Re: [Referrer] Adding a referrer attribute delivery mechanism Devdatta Akhawe (Friday, 13 February)
            • Re: [Referrer] Adding a referrer attribute delivery mechanism Francois Marier (Friday, 13 February)
            • Re: [Referrer] Adding a referrer attribute delivery mechanism Brian Smith (Friday, 13 February)
• RE: [Referrer] Adding a referrer attribute delivery mechanism Scott Beardsley (Thursday, 12 February)
  • Re: [Referrer] Adding a referrer attribute delivery mechanism Mike West (Friday, 13 February)
• Re: [Referrer] Adding a referrer attribute delivery mechanism Scott Beardsley (Friday, 13 February)

UPGRADE: Feature detection? Mike West (Wednesday, 11 February)

• Re: UPGRADE: Feature detection? Anne van Kesteren (Wednesday, 11 February)
  • Re: UPGRADE: Feature detection? Mike West (Wednesday, 11 February)
• Re: UPGRADE: Feature detection? Daniel Kahn Gillmor (Wednesday, 11 February)
  • Re: UPGRADE: Feature detection? Jacob Hoffman-Andrews (Wednesday, 11 February)
    • Re: UPGRADE: Feature detection? Daniel Kahn Gillmor (Wednesday, 11 February)
  • Re: UPGRADE: Feature detection? Mike West (Thursday, 12 February)
    • Re: UPGRADE: Feature detection? Martin Thomson (Thursday, 12 February)
      • Re: UPGRADE: Feature detection? Mike West (Thursday, 12 February)
        • Re: UPGRADE: Feature detection? Martin Thomson (Thursday, 12 February)
          • Re: UPGRADE: Feature detection? Mike West (Thursday, 12 February)
• Re: UPGRADE: Feature detection? Bjoern Hoehrmann (Thursday, 12 February)
• Re: UPGRADE: Feature detection? Julian Reschke (Thursday, 12 February)
  • Re: UPGRADE: Feature detection? Mike West (Friday, 13 February)

Process? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Mike West (Wednesday, 11 February)

• Re: Process? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Wendy Seltzer (Wednesday, 11 February)
  • Re: Process? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Mike West (Wednesday, 11 February)
    • Re: Process? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Brad Hill (Wednesday, 11 February)

UPGRADE: Goals? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Mike West (Wednesday, 11 February)

• Re: UPGRADE: Goals? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Brad Hill (Wednesday, 11 February)
  • Re: UPGRADE: Goals? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Daniel Kahn Gillmor (Wednesday, 11 February)
    • Re: UPGRADE: Goals? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.) Mike West (Thursday, 12 February)

IETF seeking feedback on proposed "Token Binding" Working Group Arthur Barstow (Wednesday, 11 February)

• Re: IETF seeking feedback on proposed "Token Binding" Working Group Anne van Kesteren (Wednesday, 11 February)
  • RE: [Unbearable] IETF seeking feedback on proposed "Token Binding" Working Group Andrei Popov (Wednesday, 11 February)
    • Re: [Unbearable] IETF seeking feedback on proposed "Token Binding" Working Group Anne van Kesteren (Wednesday, 11 February)

Credentials Management API & multiple-credentials. rektide@voodoowarez.com (Tuesday, 10 February)

• Re: Credentials Management API & multiple-credentials. Mike West (Thursday, 12 February)

Always on SSL Ben Wilson (Tuesday, 10 February)

CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Tuesday, 10 February)

• Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Tuesday, 10 February)
  • RE: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Crispin Cowan (Tuesday, 10 February)
    • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Jim Manico (Tuesday, 10 February)
      • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Brad Hill (Tuesday, 10 February)
      • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Tanvi Vyas (Tuesday, 10 February)
        • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Wednesday, 11 February)
          • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Daniel Kahn Gillmor (Wednesday, 11 February)
    • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Wednesday, 11 February)
      • RE: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Crispin Cowan (Wednesday, 11 February)
• Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Brian Smith (Wednesday, 11 February)
  • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Thursday, 12 February)
    • Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th. Mike West (Monday, 16 February)

CfC approved: CSP Level 2 to Candidate Recommendation Brad Hill (Monday, 9 February)

• Re: CfC approved: CSP Level 2 to Candidate Recommendation Mike West (Tuesday, 10 February)
  • Re: CfC approved: CSP Level 2 to Candidate Recommendation Brad Hill (Tuesday, 10 February)
  • Re: CfC approved: CSP Level 2 to Candidate Recommendation Daniel Veditz (Tuesday, 10 February)
  • Re: CfC approved: CSP Level 2 to Candidate Recommendation Bjoern Hoehrmann (Wednesday, 11 February)
    • Re: CfC approved: CSP Level 2 to Candidate Recommendation Mike West (Wednesday, 11 February)
  • Re: CfC approved: CSP Level 2 to Candidate Recommendation Brian Smith (Wednesday, 11 February)

webappsec-ACTION-213: Reply to brian smith re: csp2 to cr Web Application Security Working Group Issue Tracker (Monday, 9 February)

webappsec-ACTION-212: Issue cfc to take mixed content to cr Web Application Security Working Group Issue Tracker (Monday, 9 February)

iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brian Smith (Monday, 9 February)

• Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Mike West (Monday, 9 February)
  • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Jim Manico (Monday, 9 February)
    • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Devdatta Akhawe (Monday, 9 February)
      • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brian Smith (Wednesday, 11 February)
    • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brad Hill (Monday, 9 February)
      • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Jim Manico (Monday, 9 February)
        • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brad Hill (Monday, 9 February)
          • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Jim Manico (Monday, 9 February)
            • RE: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Crispin Cowan (Monday, 9 February)
            • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Jim Manico (Monday, 9 February)
    • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brian Smith (Wednesday, 11 February)
  • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Brian Smith (Wednesday, 11 February)
    • Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) Mike West (Thursday, 12 February)

Re: [CSP] Clarifications on nonces Brian Smith (Monday, 9 February)

• Re: [CSP] Clarifications on nonces Mike West (Monday, 9 February)
  • Re: [CSP] Clarifications on nonces Jim Manico (Monday, 9 February)
    • Re: [CSP] Clarifications on nonces Mike West (Monday, 9 February)
  • Re: [CSP] Clarifications on nonces Brian Smith (Monday, 9 February)

referrer spec and backwards compatibility Devdatta Akhawe (Monday, 9 February)

• Re: referrer spec and backwards compatibility Mike West (Monday, 9 February)
  • Re: referrer spec and backwards compatibility Devdatta Akhawe (Monday, 9 February)
    • Re: referrer spec and backwards compatibility Mike West (Tuesday, 10 February)
      • Re: referrer spec and backwards compatibility Devdatta Akhawe (Tuesday, 10 February)
        • Re: referrer spec and backwards compatibility Mike West (Wednesday, 11 February)

Issues with reflected-xss (was Re: CfC: Transition CSP2 to CR.) Brian Smith (Monday, 9 February)

[webappsec] Teleconference Agenda, 09-Feb-2015 Brad Hill (Monday, 9 February)

Re: [SRI] unsupported hashes and invalid metadata Devdatta Akhawe (Sunday, 8 February)

• Re: [SRI] unsupported hashes and invalid metadata Francois Marier (Monday, 9 February)
• Re: [SRI] unsupported hashes and invalid metadata Brian Smith (Monday, 9 February)
• Re: [SRI] unsupported hashes and invalid metadata Brian Smith (Monday, 9 February)
  • Re: [SRI] unsupported hashes and invalid metadata Devdatta Akhawe (Monday, 9 February)
    • Re: [SRI] unsupported hashes and invalid metadata Brian Smith (Monday, 9 February)
      • Re: [SRI] unsupported hashes and invalid metadata Devdatta Akhawe (Monday, 9 February)
        • Re: [SRI] unsupported hashes and invalid metadata Jim Manico (Monday, 9 February)

Re: CfC: Transition CSP2 to CR. Mike West (Friday, 6 February)

• Re: CfC: Transition CSP2 to CR. Brian Smith (Friday, 6 February)
  • Re: CfC: Transition CSP2 to CR. Mike West (Saturday, 7 February)
    • Re: CfC: Transition CSP2 to CR. Brian Smith (Monday, 9 February)
      • Re: CfC: Transition CSP2 to CR. Mike West (Monday, 9 February)
      • Re: CfC: Transition CSP2 to CR. Bjoern Hoehrmann (Monday, 9 February)
        • Re: CfC: Transition CSP2 to CR. Brian Smith (Wednesday, 11 February)
          • Re: CfC: Transition CSP2 to CR. Bjoern Hoehrmann (Wednesday, 11 February)
            • Re: CfC: Transition CSP2 to CR. Brian Smith (Wednesday, 11 February)
            • Re: CfC: Transition CSP2 to CR. Bjoern Hoehrmann (Wednesday, 11 February)
• Re: CfC: Transition CSP2 to CR. Bjoern Hoehrmann (Saturday, 7 February)
  • Re: CfC: Transition CSP2 to CR. Mike West (Saturday, 7 February)
  • Re: CfC: Transition CSP2 to CR. Brad Hill (Saturday, 7 February)
• Re: CfC: Transition CSP2 to CR. Francois Marier (Monday, 9 February)
  • Re: CfC: Transition CSP2 to CR. Devdatta Akhawe (Monday, 9 February)
  • Re: CfC: Transition CSP2 to CR. Brian Smith (Monday, 9 February)
    • Re: CfC: Transition CSP2 to CR. Mike West (Monday, 9 February)
      • Re: CfC: Transition CSP2 to CR. Francois Marier (Monday, 9 February)
        • Re: CfC: Transition CSP2 to CR. Mike West (Tuesday, 10 February)

WebAppSec re-charter status Wendy Seltzer (Wednesday, 4 February)

• Re: WebAppSec re-charter status chaals@yandex-team.ru (Wednesday, 4 February)
  • Asynchronous decision making (Re: WebAppSec re-charter status) Frederik Braun (Wednesday, 4 February)
    • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Mike West (Wednesday, 4 February)
      • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Wendy Seltzer (Wednesday, 4 February)
        • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Mike West (Wednesday, 4 February)
          • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Brad Hill (Wednesday, 4 February)
          • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Anne van Kesteren (Wednesday, 4 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Mike West (Wednesday, 4 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Arthur Barstow (Wednesday, 4 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Wendy Seltzer (Wednesday, 4 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Brad Hill (Wednesday, 4 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Mike West (Thursday, 5 February)
            • Re: Asynchronous decision making (Re: WebAppSec re-charter status) Frederik Braun (Thursday, 5 February)
• Re: WebAppSec re-charter status Mike West (Thursday, 5 February)
  • Re: WebAppSec re-charter status Alex Russell (Thursday, 5 February)
  • Re: WebAppSec re-charter status Deian Stefan (Thursday, 5 February)
    • Re: WebAppSec re-charter status Anne van Kesteren (Friday, 6 February)
  • Re: WebAppSec re-charter status Jeffrey Yasskin (Friday, 6 February)
    • Re: WebAppSec re-charter status Brad Hill (Sunday, 8 February)
      • Re: WebAppSec re-charter status Martin Thomson (Monday, 9 February)
        • Re: WebAppSec re-charter status Deian Stefan (Monday, 9 February)
          • Re: WebAppSec re-charter status Devdatta Akhawe (Monday, 9 February)
            • Re: WebAppSec re-charter status Deian Stefan (Monday, 9 February)
            • Re: WebAppSec re-charter status Devdatta Akhawe (Monday, 9 February)
            • Re: WebAppSec re-charter status Deian Stefan (Monday, 9 February)
            • Re: WebAppSec re-charter status Devdatta Akhawe (Monday, 9 February)
            • Re: WebAppSec re-charter status Deian Stefan (Monday, 9 February)
            • Re: WebAppSec re-charter status Devdatta Akhawe (Monday, 9 February)
            • Re: WebAppSec re-charter status David Ross (Wednesday, 11 February)
            • Re: WebAppSec re-charter status Anne van Kesteren (Thursday, 12 February)
            • Re: WebAppSec re-charter status David Ross (Thursday, 12 February)
            • Re: WebAppSec re-charter status Anne van Kesteren (Thursday, 12 February)
            • Re: WebAppSec re-charter status Eduardo' Vela\ (Thursday, 12 February)
            • Re: WebAppSec re-charter status Anne van Kesteren (Thursday, 12 February)
            • Re: WebAppSec re-charter status Eduardo' Vela\ (Thursday, 12 February)
            • Re: WebAppSec re-charter status Anne van Kesteren (Thursday, 12 February)
            • Re: WebAppSec re-charter status Eduardo' Vela\ (Thursday, 12 February)
            • Re: WebAppSec re-charter status David Ross (Thursday, 12 February)
            • Re: WebAppSec re-charter status Bjoern Hoehrmann (Friday, 13 February)
            • Re: WebAppSec re-charter status Bjoern Hoehrmann (Friday, 13 February)
            • Re: WebAppSec re-charter status Brad Hill (Friday, 13 February)
            • Re: WebAppSec re-charter status Eduardo' Vela\ (Friday, 13 February)
            • Re: WebAppSec re-charter status Anne van Kesteren (Friday, 13 February)
            • Re: WebAppSec re-charter status Eduardo' Vela\ (Friday, 13 February)
            • Re: WebAppSec re-charter status Bjoern Hoehrmann (Friday, 13 February)
          • Re: WebAppSec re-charter status Martin Thomson (Monday, 9 February)
• Re: WebAppSec re-charter status Bjoern Hoehrmann (Thursday, 5 February)

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Oda, Terri (Wednesday, 4 February)

• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West (Wednesday, 4 February)
  • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Martin Thomson (Wednesday, 4 February)
    • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West (Wednesday, 4 February)
      • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Martin Thomson (Wednesday, 4 February)
        • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West (Thursday, 5 February)
          • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Martin Thomson (Thursday, 5 February)
            • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith (Thursday, 5 February)
            • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Anne van Kesteren (Thursday, 5 February)
        • Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Oda, Terri (Thursday, 5 February)

An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Tuesday, 3 February)

• Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Eduardo' Vela\ (Tuesday, 3 February)
  • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Anne van Kesteren (Tuesday, 3 February)
  • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Anne van Kesteren (Tuesday, 3 February)
    • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Eduardo' Vela\ (Tuesday, 3 February)
• Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Peter Eckersley (Tuesday, 3 February)
  • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Tuesday, 3 February)
    • RE: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Crispin Cowan (Tuesday, 3 February)
      • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Anne van Kesteren (Wednesday, 4 February)
        • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Wednesday, 4 February)
          • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Anne van Kesteren (Wednesday, 4 February)
    • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Peter Eckersley (Wednesday, 4 February)
      • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Wednesday, 4 February)
        • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Peter Eckersley (Wednesday, 4 February)
          • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Thursday, 5 February)
            • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Peter Eckersley (Thursday, 5 February)
            • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Mike West (Thursday, 5 February)
            • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Brad Hill (Thursday, 5 February)
            • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Chris Palmer (Thursday, 5 February)
            • Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header) Brad Hill (Thursday, 5 February)

[MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Peter Eckersley (Tuesday, 3 February)

• Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Tom Ritter (Wednesday, 4 February)
  • Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Eric Mill (Wednesday, 4 February)
    • Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Mike West (Wednesday, 4 February)
      • Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Jacob Hoffman-Andrews (Wednesday, 4 February)
• Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Daniel Kahn Gillmor (Thursday, 5 February)
  • Re: [MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment Peter Eckersley (Friday, 6 February)

Upgrade mixed content URLs through HTTP header Anne van Kesteren (Monday, 2 February)

• Re: Upgrade mixed content URLs through HTTP header Mike West (Monday, 2 February)
  • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Monday, 2 February)
    • Re: Upgrade mixed content URLs through HTTP header Mike West (Monday, 2 February)
      • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Monday, 2 February)
      • Re: Upgrade mixed content URLs through HTTP header Jim Manico (Monday, 2 February)
        • Re: Upgrade mixed content URLs through HTTP header Mike West (Monday, 2 February)
          • Re: Upgrade mixed content URLs through HTTP header Emily Stark (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Emily Stark (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Devdatta Akhawe (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Devdatta Akhawe (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header John Wong (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Tanvi Vyas (Friday, 6 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Monday, 9 February)
            • Re: Upgrade mixed content URLs through HTTP header Tom Ritter (Tuesday, 17 February)
            • Re: Upgrade mixed content URLs through HTTP header Ryan Sleevi (Tuesday, 17 February)
            • RE: Upgrade mixed content URLs through HTTP header David Walp (Tuesday, 17 February)
      • Re: Upgrade mixed content URLs through HTTP header Peter Eckersley (Tuesday, 3 February)
        • Re: Upgrade mixed content URLs through HTTP header Mike West (Tuesday, 3 February)
          • Re: Upgrade mixed content URLs through HTTP header Eduardo' Vela\ (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Eduardo' Vela\ (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Eduardo' Vela\ (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Peter Eckersley (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Peter Eckersley (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Ryan Sleevi (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Tuesday, 3 February)
            • Re: Upgrade mixed content URLs through HTTP header Tom Ritter (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Jacob Hoffman-Andrews (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Daniel Kahn Gillmor (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Mike West (Wednesday, 4 February)
            • Re: Upgrade mixed content URLs through HTTP header Peter Eckersley (Tuesday, 3 February)
          • Re: Upgrade mixed content URLs through HTTP header Wendy Seltzer (Tuesday, 3 February)
    • Re: Upgrade mixed content URLs through HTTP header Jim Manico (Monday, 2 February)
  • Re: Upgrade mixed content URLs through HTTP header Austin William Wright (Wednesday, 4 February)
• Re: Upgrade mixed content URLs through HTTP header Daniel Kahn Gillmor (Monday, 2 February)
  • Re: Upgrade mixed content URLs through HTTP header Anne van Kesteren (Tuesday, 3 February)
  • Re: Upgrade mixed content URLs through HTTP header Peter Eckersley (Tuesday, 3 February)
• Re: Upgrade mixed content URLs through HTTP header David Bruant (Tuesday, 3 February)
• RE: Upgrade mixed content URLs through HTTP header Xiaoyin Liu (Friday, 6 February)
• Re: Upgrade mixed content URLs through HTTP header =JeffH (Monday, 23 February)

Re: [CSP] Dynamic CSP Yoav Weiss (Monday, 2 February)

• RE: [CSP] Dynamic CSP Crispin Cowan (Monday, 2 February)
  • Re: [CSP] Dynamic CSP Mike West (Wednesday, 4 February)
    • Re: [CSP] Dynamic CSP Daniel Kahn Gillmor (Wednesday, 4 February)
      • Re: [CSP] Dynamic CSP Mike West (Wednesday, 4 February)
        • Re: [CSP] Dynamic CSP Daniel Kahn Gillmor (Wednesday, 4 February)
          • Re: [CSP] Dynamic CSP Deian Stefan (Wednesday, 4 February)
          • Re: [CSP] Dynamic CSP Mike West (Thursday, 5 February)

CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Mike West (Monday, 2 February)

• Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Mike West (Tuesday, 10 February)
  • Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Mike West (Monday, 16 February)
    • Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Deian Stefan (Monday, 16 February)
      • Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Mike West (Monday, 16 February)
        • Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Deian Stefan (Monday, 16 February)
          • Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Mike West (Monday, 16 February)
• Re: CfC to publish FPWD of CSP Pinning; deadline Feb. 9th Brad Hill (Monday, 23 February)

Server Certificates, Internal Names, and Browser support after October 2016 Jeffrey Walton (Monday, 2 February)

• Re: Server Certificates, Internal Names, and Browser support after October 2016 Tom Ritter (Monday, 2 February)

Re: Proposal: A pinning mechanism for CSP? Daniel Veditz (Sunday, 1 February)

• Re: Proposal: A pinning mechanism for CSP? Mike West (Monday, 2 February)
• Re: Proposal: A pinning mechanism for CSP? Brian Smith (Friday, 6 February)
  • Re: Proposal: A pinning mechanism for CSP? Mike West (Saturday, 7 February)
    • Re: Proposal: A pinning mechanism for CSP? Eric Mill (Saturday, 7 February)
      • Re: Proposal: A pinning mechanism for CSP? Mike West (Monday, 9 February)
    • Re: Proposal: A pinning mechanism for CSP? Brian Smith (Monday, 9 February)
      • Re: Proposal: A pinning mechanism for CSP? Mike West (Monday, 9 February)
        • Re: Proposal: A pinning mechanism for CSP? Brian Smith (Wednesday, 11 February)
          • Re: Proposal: A pinning mechanism for CSP? Mike West (Thursday, 12 February)

Last message date: Friday, 27 February 2015 18:21:56 UTC