Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) from Brian Smith on 2015-01-26 (public-webappsec@w3.org from January 2015)

From: Brian Smith <brian@briansmith.org>
Date: Mon, 26 Jan 2015 11:46:01 -0800
To: Brad Hill <hillbrad@gmail.com>
Cc: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAFewVt79amPF6b8DyRoEn03gMLpixu60tMijyAZy9osfnHi6xQ@mail.gmail.com>

Brad Hill <hillbrad@gmail.com> wrote:
> Public CAs are only to stop issuing for IP addresses in reserved ranges, I
> believe. (10.0.0.0, 171.16.0.0, 192.168.0.0, 127.0.0.1)

Yes, unfortunately, that does seem to be the case.

I still think it is fine for CSP to restrict itself to 127.0.0.1 and ::1.

Cheers,
Brian

Received on Monday, 26 January 2015 19:46:28 UTC