Re: Proposal: A pinning mechanism for CSP?

Brad,

I think your comment "somewhat dubious threat model" insinuates where
you stand on this and that's cool. I think the risk of response header
splitting and similar is also "dubious" and feel the need for a
response header pin overriding a manifest-like pin to be important
for developer ease of use, at least.

How can we take these ideas and build a more formal and publishable
threat model? I am the noob around here, at best, but I'd like to help
somehow.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Jan 23, 2015, at 13:54, Brad Hill <hillbrad@gmail.com> wrote:
>
> somewhat dubious threat model

Received on Saturday, 24 January 2015 03:41:04 UTC