public-webappsec@w3.org from January 2015 by date

Saturday, 31 January 2015

• Re: [SRI] format of the integrity attribute Francois Marier
• Re: [SRI] format of the integrity attribute Martin Thomson
• Re: [SRI] format of the integrity attribute Francois Marier

Friday, 30 January 2015

• Re: postMessage, workers and sandboxing Deian Stefan
• Re: postMessage, workers and sandboxing Brad Hill
• Re: postMessage, workers and sandboxing Deian Stefan
• Re: Security use cases for packaging Chris Palmer
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Deian Stefan
• Re: Proposal: A pinning mechanism for CSP? Yan Zhu
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: postMessage, workers and sandboxing Brad Hill
• Re: Security use cases for packaging Daniel Kahn Gillmor
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: [SRI] format of the integrity attribute Anne van Kesteren
• Re: [SRI] format of the integrity attribute Joel Weinberger
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Security use cases for packaging Yan Zhu
• Re: Proposal: A pinning mechanism for CSP? Deian Stefan
• Re: postMessage, workers and sandboxing Deian Stefan
• Re: [CSP] Dynamic CSP Deian Stefan
• Re: CSP3: DOM API Strawman Deian Stefan
• Re: Security use cases for packaging Daniel Kahn Gillmor
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? Deian Stefan
• Re: Security use cases for packaging Yan Zhu
• [CSP] CSP3: Request for comments on message-src and message-sink Deian Stefan
• Re: Security use cases for packaging Deian Stefan

Thursday, 29 January 2015

• Re: Security use cases for packaging Ilya Grigorik
• Re: Security use cases for packaging Devdatta Akhawe
• Re: Security use cases for packaging Brad Hill
• Re: Security use cases for packaging Yan Zhu
• Re: Security use cases for packaging Chris Palmer
• Security use cases for packaging Yan Zhu
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor Brad Hill
• Re: [SRI] format of the integrity attribute Anne van Kesteren
• Re: [SRI] format of the integrity attribute Martin Thomson
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Joel Weinberger
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor Joel Weinberger
• Re: POWER: Combining document and settings object checks. Jeffrey Yasskin
• Re: POWER: Combining document and settings object checks. Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Joel Weinberger
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Anne van Kesteren
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• POWER: Combining document and settings object checks. Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Anne van Kesteren
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Anne van Kesteren
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Joel Weinberger
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: [SRI] format of the integrity attribute Anne van Kesteren
• Re: [SRI] format of the integrity attribute Martin Thomson
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? david kaye
• Re: [SRI] format of the integrity attribute Francois Marier
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? Deian Stefan

Wednesday, 28 January 2015

• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor Devdatta Akhawe
• Re: [SRI] format of the integrity attribute Devdatta Akhawe
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? david kaye
• Re: [SRI] format of the integrity attribute Daniel Veditz
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor Frederik Braun
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor Mike West
• [SRI] Suggesting Francois Marier (Mozilla) as editor Frederik Braun
• Re: Plugin data (was Re: Comments on Mixed Content) Mike West
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: CfC: Transition CSP2 to CR. Francois Marier
• Re: CfC: Transition CSP2 to CR. Mike West

Tuesday, 27 January 2015

• CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? david kaye

Wednesday, 28 January 2015

• Re: CfC: Transition CSP2 to CR. Francois Marier

Tuesday, 27 January 2015

• Re: Plugin data (was Re: Comments on Mixed Content) Tanvi Vyas
• Re: [MIX] HSTS, SW and mixed-content Mike West
• CfC: Transition CSP2 to CR. Mike West
• Re: [MIX] HSTS, SW and mixed-content Anne van Kesteren
• Re: [MIX] HSTS, SW and mixed-content Mike West
• [MIX] HSTS, SW and mixed-content Yves Lafon
• Re: Service workers and CSP Anne van Kesteren
• Re: Service workers and CSP Mike West
• Service workers and CSP Anne van Kesteren
• [SRI] format of the integrity attribute Francois Marier
• Re: Cancelling next week's call? Jim Manico
• Re: Cancelling next week's call? Brad Hill
• RE: Cancelling next week's call? Crispin Cowan

Monday, 26 January 2015

• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith
• Re: Proposal: A pinning mechanism for CSP? Mike West

Friday, 23 January 2015

• Re: Proposal: A pinning mechanism for CSP? Yan Zhu

Monday, 26 January 2015

• Re: Proposal: A pinning mechanism for CSP? Yan Zhu
• Re: Proposal: A pinning mechanism for CSP? Brad Hill

Sunday, 25 January 2015

• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Daniel Veditz
• Re: [CSP] violation reports for sandbox Daniel Veditz

Saturday, 24 January 2015

• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: Proposal: A pinning mechanism for CSP? Jim Manico

Friday, 23 January 2015

• RE: Cancelling next week's call? Crispin Cowan
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Chris Palmer
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Brad Hill
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Anne van Kesteren
• Re: Proposal: A pinning mechanism for CSP? Mike West
• Re: Proposal: A pinning mechanism for CSP? Jim Manico
• Re: Proposal: A pinning mechanism for CSP? Frederik Braun
• Proposal: A pinning mechanism for CSP? Mike West
• Re: Cancelling next week's call? Jim Manico

Thursday, 22 January 2015

• RE: Cancelling next week's call? Crispin Cowan
• Re: Cancelling next week's call? Neil Matatall
• Re: Cancelling next week's call? Brad Hill
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brad Hill
• Re: Cancelling next week's call? Brad Hill
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith
• Cancelling next week's call? Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [CSP] Dynamic CSP Joel Weinberger
• Re: [CSP] Clarifications on nonces Mike West
• Re: Plugin data (was Re: Comments on Mixed Content) Mike West
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brad Hill
• Re: [CSP] Dynamic CSP Boris Chen
• Re: [CSP] Dynamic CSP Mike West
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West

Wednesday, 21 January 2015

• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brian Smith
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Brad Hill
• CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) Mike West
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Mike West
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• CREDENTIAL: And now for something completely different... Mike West

Tuesday, 20 January 2015

• Re: [CSP2] Browser Support Brad Hill
• Re: [Integrity] typos with ni URIs Anne van Kesteren
• Re: [Integrity] typos with ni URIs Brad Hill
• Re: [Integrity] typos with ni URIs Anne van Kesteren
• Re: [Integrity] typos with ni URIs Brad Hill
• Re: [Integrity] typos with ni URIs Brian Smith
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Brian Smith
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Tanvi Vyas
• Re: [CSP] URI/IRI normalization and comparison Mike West
• Re: [Integrity] typos with ni URIs Anne van Kesteren
• Re: [Integrity] typos with ni URIs Frederik Braun
• Re: [Integrity] typos with ni URIs Anne van Kesteren
• Re: [CSP] URI/IRI normalization and comparison Anne van Kesteren
• Re: [Integrity] typos with ni URIs Mike West
• Re: [Integrity] typos with ni URIs Francois Marier
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Anne van Kesteren
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West
• Re: [CSP] <meta> clarifications Mike West
• Re: [Integrity] typos with ni URIs Anne van Kesteren
• Re: [Integrity] typos with ni URIs Mike West
• Re: [CSP] violation reports for sandbox Mike West
• Re: [CSP] Clarifications regarding the HTTP LINK Header Mike West
• Re: [Integrity] typos with ni URIs Martin Thomson

Monday, 19 January 2015

• Re: [CSP] violation reports for sandbox Brian Smith
• Re: [CSP] Clarifications regarding the HTTP LINK Header Brian Smith
• Re: [Integrity] typos with ni URIs Brian Smith
• Re: [CSP2] Browser Support Jim Manico
• Re: CSP Versions in Violation Reports Boris Chen
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Brian Smith
• Re: [CSP] <meta> clarifications Brian Smith
• Re: [Integrity] typos with ni URIs Mike West
• Re: [CSP] <meta> clarifications Mike West
• Re: CSP Versions in Violation Reports Devdatta Akhawe
• Re: CSP Versions in Violation Reports Anne van Kesteren

Friday, 16 January 2015

• [CSP2] Browser Support Vítor Magano

Sunday, 18 January 2015

• [CSP2] Browser Support Vítor Magano

Monday, 19 January 2015

• CSP Versions in Violation Reports Boris Chen
• Re: [CSP] <meta> clarifications Brian Smith
• Re: [Integrity] typos with ni URIs Martin Thomson
• Re: [Integrity] typos with ni URIs Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Brian Smith

Sunday, 18 January 2015

• [SRI] Reserving the "authority" component of NI URIs for later use? Francois Marier

Saturday, 17 January 2015

• Re: [CSP] Accepting base64-url Mike West

Friday, 16 January 2015

• Re: [CSP] Accepting base64-url Brad Hill
• [CSP] Accepting base64-url Joel Weinberger
• Re: [CSP] Clarifications regarding the HTTP LINK Header Mike West
• Re: [CSP] URI/IRI normalization and comparison Mike West
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Mike West
• Re: Plugin data (was Re: Comments on Mixed Content) Mike West
• Re: Comments on Mixed Content Mike West

Thursday, 15 January 2015

• Plugin data (was Re: Comments on Mixed Content) Tanvi Vyas
• RE: Comments on Mixed Content David Walp
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) Tanvi Vyas
• Re: [CSP] URI/IRI normalization and comparison Brad Hill
• Re: [CSP] URI/IRI normalization and comparison Brian Smith
• Re: [CSP] URI/IRI normalization and comparison Mike West
• Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? Mike West
• Re: [CSP] <meta> clarifications Mike West
• Re: [CSP] violation reports for sandbox Mike West
• Re: [CSP] Relative/absolute hostname matching Mike West
• Re: [MIX] PF comments on Mixed Content - accessible indication and user controls Mike West
• Re: Comments on Mixed Content Mike West
• Re: [Integrity] typos with ni URIs Martin Thomson
• Re: [Integrity] typos with ni URIs Jeffrey Walton
• Re: [Integrity] typos with ni URIs Martin Thomson
• Re: [Integrity] typos with ni URIs Devdatta Akhawe
• Re: [Integrity] typos with ni URIs Brian Smith
• Re: Comments on Mixed Content Brian Smith
• RE: Comments on Mixed Content David Walp

Wednesday, 14 January 2015

• Re: [MIX] PF comments on Mixed Content - accessible indication and user controls Michael Cooper
• Re: Comments on Mixed Content Mike West
• Re: Comments on Mixed Content Mike West

Tuesday, 13 January 2015

• RE: Comments on Mixed Content David Walp
• Re: [CSP3] Allow plugin-types "none" Craig Francis
• Re: [CSP3] Allow plugin-types "none" Joel Weinberger
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. yan

Monday, 12 January 2015

• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Jim Manico
• webappsec-ACTION-211: Ask github if they prefer fail open / closed on unknown hashes Web Application Security Working Group Issue Tracker
• webappsec-ACTION-210: Move sri bugs in bugzilla to github Web Application Security Working Group Issue Tracker
• webappsec-ACTION-209: Ask open data/linked data groups for info on data publishing for use in secure context Web Application Security Working Group Issue Tracker
• Re: Accessibility of security indicators Oda, Terri
• Re: [webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST Brad Hill
• Re: [CSP] How to interpret 'self' in a sandboxed iframe Anne van Kesteren
• Re: [CSP] How to interpret 'self' in a sandboxed iframe Daniel Veditz
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Daniel Veditz
• [webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST Brad Hill

Friday, 9 January 2015

• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Brad Hill
• Re: [CSP] Geotargetting? Bjoern Hoehrmann
• Re: [CSP] Geotargetting? Brad Hill
• [CORS] Implementation Report links in CORS REC return errors Arthur Barstow
• Re: [CSP] Geotargetting? Jacob Bednarz
• Re: [CSP] Geotargetting? Anne van Kesteren
• [CSP] Geotargetting? Jacob Bednarz

Thursday, 8 January 2015

• RE: Accessibility of security indicators Ben Wilson
• Re: Avoiding syncronous manifest requests in EPR David Ross
• Re: Adding window.opener control to referrer-policy? Devdatta Akhawe
• Re: [CSP] How to interpret 'self' in a sandboxed iframe Joel Weinberger
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Brad Hill
• Re: [CSP] How to interpret 'self' in a sandboxed iframe Brad Hill
• Re: [CSP3] Allow plugin-types "none" Mike West
• Re: [SRI] providing good defaults when the expected content type is missing? Joel Weinberger
• Re: [CSP3] Allow plugin-types "none" Joel Weinberger
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Mark Nottingham
• Re: [CSP3] Allow plugin-types "none" Craig Francis
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Daniel Kahn Gillmor
• Re: Accessibility of security indicators chaals@yandex-team.ru
• Re: Accessibility of security indicators Mike West
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mike West
• Re: [CSP3] Allow plugin-types "none" Mike West
• Re: [CSP3] Allow plugin-types "none" Craig Francis
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. chaals@yandex-team.ru
• Re: [SRI] Include sha-384 in the spec? Frederik Braun
• Accessibility of security indicators chaals@yandex-team.ru
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mike West
• Re: Comments on Mixed Content Mike West
• Re: [CSP] How to interpret 'self' in a sandboxed iframe Mike West
• Re: [SRI] providing good defaults when the expected content type is missing? Mike West
• Re: [CSP3] Allow paths without a domain Mike West
• Re: [CSP3] Allow plugin-types "none" Mike West
• Re: [REFERRER] Combination of referrer directive values Mike West
• Re: [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ Mike West
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Mike West
• Re: [SRI] Include sha-384 in the spec? Mike West
• Re: Adding window.opener control to referrer-policy? Mike West
• Re: Adding window.opener control to referrer-policy? Anne van Kesteren

Wednesday, 7 January 2015

• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Chris Palmer
• Re: Adding window.opener control to referrer-policy? Brad Hill
• Re: Adding window.opener control to referrer-policy? Boris Zbarsky
• Adding window.opener control to referrer-policy? Brad Hill
• Re: [SRI] Include sha-384 in the spec? Joel Weinberger
• Re: [Integrity] typos with ni URIs Joel Weinberger
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Craig Francis
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Craig Francis
• Re: [Integrity] typos with ni URIs Frederik Braun
• [SRI] Include sha-384 in the spec? Francois Marier
• Re: [Integrity] typos with ni URIs Joel Weinberger
• [Integrity] typos with ni URIs Manger, James

Tuesday, 6 January 2015

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer

Monday, 5 January 2015

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jeffrey Yasskin
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mark Watson
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jim Manico
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jeffrey Yasskin
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mark Watson
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mark Watson
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Daniel Kahn Gillmor
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Chris Palmer
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Michal Zalewski
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Boris Zbarsky
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jeffrey Yasskin
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Martin Thomson
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Boris Zbarsky
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Boris Zbarsky
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Martin Thomson
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. yan
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Daniel Kahn Gillmor
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Daniel Kahn Gillmor
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Boris Zbarsky
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Mathias Bynens
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Anne van Kesteren
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee
• [Bug 27748] New: Value of @integrity attribute not sufficiently prescriptive bugzilla@jessica.w3.org
• [Bug 27747] New: Integrity of font content bugzilla@jessica.w3.org
• [Bug 27746] New: Integrity of image content bugzilla@jessica.w3.org
• [Bug 27745] New: Should define the term 'integrity' bugzilla@jessica.w3.org
• [Bug 27744] New: Should define the term 'subresource' bugzilla@jessica.w3.org
• [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? Francois Marier

Saturday, 3 January 2015

• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [SRI] unsupported hashes and invalid metadata Devdatta Akhawe
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure ianG
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure Craig Francis
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Craig Francis

Friday, 2 January 2015

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Joel Weinberger
• optimistic HTTP → HTTPS [was: Re: Require HTTPS scripts to be able to anything HTTP scripts can do.] Daniel Kahn Gillmor
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jim Manico
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure Jim Manico
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Jim Manico
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Brad Hill
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Michal Zalewski
• [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. Tim Berners-Lee
• Re: [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ Brad Hill

Tuesday, 30 December 2014

• [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ Seb Schmoller

Last message date: Saturday, 31 January 2015 04:10:26 UTC