W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

From: Mike West <mkwst@google.com>
Date: Thu, 29 Jan 2015 11:18:18 +0100
Message-ID: <CAKXHy=d3onKZxFAm8TZPqUnuifUPWJ0LWVnJCw7kUsu8L8ba+Q@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Joel Weinberger <jww@chromium.org>, Brian Smith <brian@briansmith.org>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 29, 2015 at 10:54 AM, Anne van Kesteren <annevk@annevk.nl>

> Given that nothing else outlaws public IP addresses we probably want
> to support them in the long term. The main problem is the parsing and
> comparison not being defined in sufficient detail.

The only piece that isn't defined is IPv6 matching. We define IP address
matching, it just doesn't make sense when wildcards come in. :)


Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 29 January 2015 10:19:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:45 UTC