W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

From: Brian Smith <brian@briansmith.org>
Date: Mon, 26 Jan 2015 11:46:01 -0800
Message-ID: <CAFewVt79amPF6b8DyRoEn03gMLpixu60tMijyAZy9osfnHi6xQ@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Brad Hill <hillbrad@gmail.com> wrote:
> Public CAs are only to stop issuing for IP addresses in reserved ranges, I
> believe. (,,,

Yes, unfortunately, that does seem to be the case.

I still think it is fine for CSP to restrict itself to and ::1.

Received on Monday, 26 January 2015 19:46:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC