public-webappsec@w3.org from January 2015 by author

Anne van Kesteren

• Re: [SRI] format of the integrity attribute (Friday, 30 January)
• Re: [SRI] format of the integrity attribute (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: [SRI] format of the integrity attribute (Thursday, 29 January)
• Re: [MIX] HSTS, SW and mixed-content (Tuesday, 27 January)
• Re: Service workers and CSP (Tuesday, 27 January)
• Service workers and CSP (Tuesday, 27 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: [CSP] URI/IRI normalization and comparison (Wednesday, 21 January)
• Re: [CSP] URI/IRI normalization and comparison (Wednesday, 21 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [CSP] URI/IRI normalization and comparison (Tuesday, 20 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: CSP Versions in Violation Reports (Monday, 19 January)
• Re: [CSP] How to interpret 'self' in a sandboxed iframe (Monday, 12 January)
• Re: [CSP] Geotargetting? (Friday, 9 January)
• Re: Adding window.opener control to referrer-policy? (Thursday, 8 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Arthur Barstow

• [CORS] Implementation Report links in CORS REC return errors (Friday, 9 January)

Ben Wilson

• RE: Accessibility of security indicators (Thursday, 8 January)

Bjoern Hoehrmann

• Re: [CSP] Geotargetting? (Friday, 9 January)

Boris Chen

• Re: [CSP] Dynamic CSP (Thursday, 22 January)
• Re: CSP Versions in Violation Reports (Monday, 19 January)
• CSP Versions in Violation Reports (Monday, 19 January)

Boris Zbarsky

• Re: Adding window.opener control to referrer-policy? (Wednesday, 7 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Brad Hill

• Re: postMessage, workers and sandboxing (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: postMessage, workers and sandboxing (Friday, 30 January)
• Re: Security use cases for packaging (Thursday, 29 January)
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor (Thursday, 29 January)
• Re: Cancelling next week's call? (Tuesday, 27 January)
• Re: Proposal: A pinning mechanism for CSP? (Monday, 26 January)
• Re: Proposal: A pinning mechanism for CSP? (Saturday, 24 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Cancelling next week's call? (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 22 January)
• Re: Cancelling next week's call? (Thursday, 22 January)
• Cancelling next week's call? (Thursday, 22 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Wednesday, 21 January)
• Re: [CSP2] Browser Support (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [CSP] Accepting base64-url (Friday, 16 January)
• Re: [CSP] URI/IRI normalization and comparison (Thursday, 15 January)
• Re: [webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST (Monday, 12 January)
• [webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST (Monday, 12 January)
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? (Friday, 9 January)
• Re: [CSP] Geotargetting? (Friday, 9 January)
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? (Thursday, 8 January)
• Re: [CSP] How to interpret 'self' in a sandboxed iframe (Thursday, 8 January)
• Re: Adding window.opener control to referrer-policy? (Wednesday, 7 January)
• Adding window.opener control to referrer-policy? (Wednesday, 7 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)
• Re: [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ (Friday, 2 January)

Brian Smith

• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Wednesday, 28 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Monday, 26 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Wednesday, 21 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Tuesday, 20 January)
• Re: [CSP] violation reports for sandbox (Monday, 19 January)
• Re: [CSP] Clarifications regarding the HTTP LINK Header (Monday, 19 January)
• Re: [Integrity] typos with ni URIs (Monday, 19 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Monday, 19 January)
• Re: [CSP] <meta> clarifications (Monday, 19 January)
• Re: [CSP] <meta> clarifications (Monday, 19 January)
• Re: [Integrity] typos with ni URIs (Monday, 19 January)
• Re: [CSP] URI/IRI normalization and comparison (Monday, 19 January)
• Re: [CSP] URI/IRI normalization and comparison (Monday, 19 January)
• Re: [CSP] URI/IRI normalization and comparison (Thursday, 15 January)
• Re: [Integrity] typos with ni URIs (Thursday, 15 January)
• Re: Comments on Mixed Content (Thursday, 15 January)

bugzilla@jessica.w3.org

• [Bug 27748] New: Value of @integrity attribute not sufficiently prescriptive (Monday, 5 January)
• [Bug 27747] New: Integrity of font content (Monday, 5 January)
• [Bug 27746] New: Integrity of image content (Monday, 5 January)
• [Bug 27745] New: Should define the term 'integrity' (Monday, 5 January)
• [Bug 27744] New: Should define the term 'subresource' (Monday, 5 January)

chaals@yandex-team.ru

• Re: Accessibility of security indicators (Thursday, 8 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 8 January)
• Accessibility of security indicators (Thursday, 8 January)

Chris Palmer

• Re: Security use cases for packaging (Friday, 30 January)
• Re: Security use cases for packaging (Thursday, 29 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 8 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Wednesday, 7 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Tuesday, 6 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Tuesday, 6 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Craig Francis

• Re: [CSP3] Allow plugin-types "none" (Tuesday, 13 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Wednesday, 7 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Wednesday, 7 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)

Crispin Cowan

• RE: Cancelling next week's call? (Tuesday, 27 January)
• RE: Cancelling next week's call? (Friday, 23 January)
• RE: Cancelling next week's call? (Thursday, 22 January)

Daniel Kahn Gillmor

• Re: Security use cases for packaging (Friday, 30 January)
• Re: Security use cases for packaging (Friday, 30 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 8 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• optimistic HTTP → HTTPS [was: Re: Require HTTPS scripts to be able to anything HTTP scripts can do.] (Friday, 2 January)

Daniel Veditz

• Re: [SRI] format of the integrity attribute (Wednesday, 28 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Sunday, 25 January)
• Re: [CSP] violation reports for sandbox (Sunday, 25 January)
• Re: [CSP] How to interpret 'self' in a sandboxed iframe (Monday, 12 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Monday, 12 January)

david kaye

• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Thursday, 29 January)
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Wednesday, 28 January)
• CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Tuesday, 27 January)

David Ross

• Re: Avoiding syncronous manifest requests in EPR (Thursday, 8 January)

David Walp

• RE: Comments on Mixed Content (Thursday, 15 January)
• RE: Comments on Mixed Content (Thursday, 15 January)
• RE: Comments on Mixed Content (Tuesday, 13 January)

Deian Stefan

• Re: postMessage, workers and sandboxing (Friday, 30 January)
• Re: postMessage, workers and sandboxing (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: postMessage, workers and sandboxing (Friday, 30 January)
• Re: [CSP] Dynamic CSP (Friday, 30 January)
• Re: CSP3: DOM API Strawman (Friday, 30 January)
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Friday, 30 January)
• [CSP] CSP3: Request for comments on message-src and message-sink (Friday, 30 January)
• Re: Security use cases for packaging (Friday, 30 January)
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Thursday, 29 January)

Devdatta Akhawe

• Re: Security use cases for packaging (Thursday, 29 January)
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor (Wednesday, 28 January)
• Re: [SRI] format of the integrity attribute (Wednesday, 28 January)
• Re: CSP Versions in Violation Reports (Monday, 19 January)
• Re: [Integrity] typos with ni URIs (Thursday, 15 January)
• Re: Adding window.opener control to referrer-policy? (Thursday, 8 January)
• Re: [SRI] unsupported hashes and invalid metadata (Saturday, 3 January)

Francois Marier

• Re: [SRI] format of the integrity attribute (Saturday, 31 January)
• Re: [SRI] format of the integrity attribute (Saturday, 31 January)
• Re: [SRI] format of the integrity attribute (Thursday, 29 January)
• Re: CfC: Transition CSP2 to CR. (Wednesday, 28 January)
• Re: CfC: Transition CSP2 to CR. (Wednesday, 28 January)
• [SRI] format of the integrity attribute (Tuesday, 27 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• [SRI] Reserving the "authority" component of NI URIs for later use? (Sunday, 18 January)
• [SRI] Include sha-384 in the spec? (Wednesday, 7 January)
• [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? (Monday, 5 January)

Frederik Braun

• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor (Wednesday, 28 January)
• [SRI] Suggesting Francois Marier (Mozilla) as editor (Wednesday, 28 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [SRI] Include sha-384 in the spec? (Thursday, 8 January)
• Re: [Integrity] typos with ni URIs (Wednesday, 7 January)

ianG

• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)

Ilya Grigorik

• Re: Security use cases for packaging (Thursday, 29 January)

Jacob Bednarz

• Re: [CSP] Geotargetting? (Friday, 9 January)
• [CSP] Geotargetting? (Friday, 9 January)

Jeffrey Walton

• Re: [Integrity] typos with ni URIs (Thursday, 15 January)

Jeffrey Yasskin

• Re: POWER: Combining document and settings object checks. (Thursday, 29 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Jim Manico

• Re: Cancelling next week's call? (Tuesday, 27 January)
• Re: Proposal: A pinning mechanism for CSP? (Saturday, 24 January)
• Re: Proposal: A pinning mechanism for CSP? (Saturday, 24 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Cancelling next week's call? (Friday, 23 January)
• Re: [CSP2] Browser Support (Monday, 19 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Monday, 12 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Wednesday, 7 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Wednesday, 7 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [blink-dev] Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure (Saturday, 3 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)
• Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure (Friday, 2 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)

Joel Weinberger

• Re: [SRI] format of the integrity attribute (Friday, 30 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: [CSP] Dynamic CSP (Thursday, 22 January)
• [CSP] Accepting base64-url (Friday, 16 January)
• Re: [CSP3] Allow plugin-types "none" (Tuesday, 13 January)
• Re: [CSP] How to interpret 'self' in a sandboxed iframe (Thursday, 8 January)
• Re: [SRI] providing good defaults when the expected content type is missing? (Thursday, 8 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: [SRI] Include sha-384 in the spec? (Wednesday, 7 January)
• Re: [Integrity] typos with ni URIs (Wednesday, 7 January)
• Re: [Integrity] typos with ni URIs (Wednesday, 7 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)

Manger, James

• [Integrity] typos with ni URIs (Wednesday, 7 January)

Mark Nottingham

• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? (Thursday, 8 January)

Mark Watson

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Martin Thomson

• Re: [SRI] format of the integrity attribute (Saturday, 31 January)
• Re: [SRI] format of the integrity attribute (Thursday, 29 January)
• Re: [SRI] format of the integrity attribute (Thursday, 29 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Monday, 19 January)
• Re: [Integrity] typos with ni URIs (Thursday, 15 January)
• Re: [Integrity] typos with ni URIs (Thursday, 15 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Mathias Bynens

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Michael Cooper

• Re: [MIX] PF comments on Mixed Content - accessible indication and user controls (Wednesday, 14 January)

Michal Zalewski

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)

Mike West

• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: POWER: Combining document and settings object checks. (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• POWER: Combining document and settings object checks. (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 29 January)
• Re: [SRI] Suggesting Francois Marier (Mozilla) as editor (Wednesday, 28 January)
• Re: Plugin data (was Re: Comments on Mixed Content) (Wednesday, 28 January)
• Re: CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'? (Wednesday, 28 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Wednesday, 28 January)
• Re: CfC: Transition CSP2 to CR. (Wednesday, 28 January)
• Re: [MIX] HSTS, SW and mixed-content (Tuesday, 27 January)
• CfC: Transition CSP2 to CR. (Tuesday, 27 January)
• Re: [MIX] HSTS, SW and mixed-content (Tuesday, 27 January)
• Re: Service workers and CSP (Tuesday, 27 January)
• Re: Proposal: A pinning mechanism for CSP? (Monday, 26 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: [CSP] Clarifications on nonces (Thursday, 22 January)
• Re: Plugin data (was Re: Comments on Mixed Content) (Thursday, 22 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 22 January)
• Re: [CSP] Dynamic CSP (Thursday, 22 January)
• Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Thursday, 22 January)
• CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) (Wednesday, 21 January)
• Re: [CSP] URI/IRI normalization and comparison (Wednesday, 21 January)
• CREDENTIAL: And now for something completely different... (Wednesday, 21 January)
• Re: [CSP] URI/IRI normalization and comparison (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Tuesday, 20 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Tuesday, 20 January)
• Re: [CSP] <meta> clarifications (Tuesday, 20 January)
• Re: [Integrity] typos with ni URIs (Tuesday, 20 January)
• Re: [CSP] violation reports for sandbox (Tuesday, 20 January)
• Re: [CSP] Clarifications regarding the HTTP LINK Header (Tuesday, 20 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Monday, 19 January)
• Re: [Integrity] typos with ni URIs (Monday, 19 January)
• Re: [CSP] <meta> clarifications (Monday, 19 January)
• Re: [CSP] Accepting base64-url (Saturday, 17 January)
• Re: [CSP] Clarifications regarding the HTTP LINK Header (Friday, 16 January)
• Re: [CSP] URI/IRI normalization and comparison (Friday, 16 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Friday, 16 January)
• Re: Plugin data (was Re: Comments on Mixed Content) (Friday, 16 January)
• Re: Comments on Mixed Content (Friday, 16 January)
• Re: [CSP] URI/IRI normalization and comparison (Thursday, 15 January)
• Re: [CSP] Problems with frame-ancestors; X-Frame-Options not obsolete? (Thursday, 15 January)
• Re: [CSP] <meta> clarifications (Thursday, 15 January)
• Re: [CSP] violation reports for sandbox (Thursday, 15 January)
• Re: [CSP] Relative/absolute hostname matching (Thursday, 15 January)
• Re: [MIX] PF comments on Mixed Content - accessible indication and user controls (Thursday, 15 January)
• Re: Comments on Mixed Content (Thursday, 15 January)
• Re: Comments on Mixed Content (Wednesday, 14 January)
• Re: Comments on Mixed Content (Wednesday, 14 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: Accessibility of security indicators (Thursday, 8 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 8 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Thursday, 8 January)
• Re: Comments on Mixed Content (Thursday, 8 January)
• Re: [CSP] How to interpret 'self' in a sandboxed iframe (Thursday, 8 January)
• Re: [SRI] providing good defaults when the expected content type is missing? (Thursday, 8 January)
• Re: [CSP3] Allow paths without a domain (Thursday, 8 January)
• Re: [CSP3] Allow plugin-types "none" (Thursday, 8 January)
• Re: [REFERRER] Combination of referrer directive values (Thursday, 8 January)
• Re: [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ (Thursday, 8 January)
• Re: [SRI] Getting sha-384 and sha-512 added to the RFC6920 registry? (Thursday, 8 January)
• Re: [SRI] Include sha-384 in the spec? (Thursday, 8 January)
• Re: Adding window.opener control to referrer-policy? (Thursday, 8 January)

Neil Matatall

• Re: Cancelling next week's call? (Thursday, 22 January)

Oda, Terri

• Re: Accessibility of security indicators (Monday, 12 January)

Seb Schmoller

• [CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/ (Tuesday, 30 December)

Tanvi Vyas

• Re: Plugin data (was Re: Comments on Mixed Content) (Tuesday, 27 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Tuesday, 20 January)
• Plugin data (was Re: Comments on Mixed Content) (Thursday, 15 January)
• Re: Strict mixed content checking (was Re: MIX: Exiting last call?) (Thursday, 15 January)

Tim Berners-Lee

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)
• [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Friday, 2 January)

Vítor Magano

• [CSP2] Browser Support (Friday, 16 January)
• [CSP2] Browser Support (Sunday, 18 January)

Web Application Security Working Group Issue Tracker

• webappsec-ACTION-211: Ask github if they prefer fail open / closed on unknown hashes (Monday, 12 January)
• webappsec-ACTION-210: Move sri bugs in bugzilla to github (Monday, 12 January)
• webappsec-ACTION-209: Ask open data/linked data groups for info on data publishing for use in secure context (Monday, 12 January)

yan

• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Tuesday, 13 January)
• Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do. (Monday, 5 January)

Yan Zhu

• Re: Proposal: A pinning mechanism for CSP? (Friday, 30 January)
• Re: Security use cases for packaging (Friday, 30 January)
• Re: Security use cases for packaging (Friday, 30 January)
• Re: Security use cases for packaging (Thursday, 29 January)
• Security use cases for packaging (Thursday, 29 January)
• Re: Proposal: A pinning mechanism for CSP? (Friday, 23 January)
• Re: Proposal: A pinning mechanism for CSP? (Monday, 26 January)

Yves Lafon

• [MIX] HSTS, SW and mixed-content (Tuesday, 27 January)

Last message date: Saturday, 31 January 2015 04:10:26 UTC