[blink-dev] Proposal: Marking HTTP As Non-Secure
[blink-dev] Re: Proposal: Marking HTTP As Non-Secure
[Bug 27744] New: Should define the term 'subresource'
[Bug 27745] New: Should define the term 'integrity'
[Bug 27746] New: Integrity of image content
[Bug 27747] New: Integrity of font content
[Bug 27748] New: Value of @integrity attribute not sufficiently prescriptive
[CORS] Implementation Report links in CORS REC return errors
[CSP2] Browser Support
[CSP3] 404 error from https://w3c.github.io/webappsec/specs/content-security-policy/
[CSP3] Allow paths without a domain
[CSP3] Allow plugin-types "none"
[CSP] <meta> clarifications
[CSP] Accepting base64-url
[CSP] Clarifications on nonces
[CSP] Clarifications regarding the HTTP LINK Header
[CSP] CSP3: Request for comments on message-src and message-sink
[CSP] Dynamic CSP
[CSP] Geotargetting?
[CSP] How to interpret 'self' in a sandboxed iframe
[CSP] Problems with frame-ancestors; X-Frame-Options not obsolete?
[CSP] Relative/absolute hostname matching
[CSP] URI/IRI normalization and comparison
- Anne van Kesteren (Wednesday, 21 January)
- Mike West (Wednesday, 21 January)
- Anne van Kesteren (Wednesday, 21 January)
- Mike West (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Brian Smith (Monday, 19 January)
- Brian Smith (Monday, 19 January)
- Mike West (Friday, 16 January)
- Brad Hill (Thursday, 15 January)
- Brian Smith (Thursday, 15 January)
- Mike West (Thursday, 15 January)
[CSP] violation reports for sandbox
[Integrity] typos with ni URIs
- Anne van Kesteren (Tuesday, 20 January)
- Brad Hill (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Brad Hill (Tuesday, 20 January)
- Brian Smith (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Frederik Braun (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Mike West (Tuesday, 20 January)
- Francois Marier (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Mike West (Tuesday, 20 January)
- Martin Thomson (Tuesday, 20 January)
- Brian Smith (Monday, 19 January)
- Mike West (Monday, 19 January)
- Martin Thomson (Monday, 19 January)
- Brian Smith (Monday, 19 January)
- Martin Thomson (Thursday, 15 January)
- Jeffrey Walton (Thursday, 15 January)
- Martin Thomson (Thursday, 15 January)
- Devdatta Akhawe (Thursday, 15 January)
- Brian Smith (Thursday, 15 January)
- Joel Weinberger (Wednesday, 7 January)
- Frederik Braun (Wednesday, 7 January)
- Joel Weinberger (Wednesday, 7 January)
- Manger, James (Wednesday, 7 January)
[MIX] HSTS, SW and mixed-content
[MIX] PF comments on Mixed Content - accessible indication and user controls
[MIX] Require HTTPS scripts to be able to anything HTTP scripts can do.
- Brad Hill (Thursday, 22 January)
- yan (Tuesday, 13 January)
- Chris Palmer (Thursday, 8 January)
- Daniel Kahn Gillmor (Thursday, 8 January)
- Mike West (Thursday, 8 January)
- chaals@yandex-team.ru (Thursday, 8 January)
- Mike West (Thursday, 8 January)
- Chris Palmer (Tuesday, 6 January)
- Chris Palmer (Tuesday, 6 January)
- Brad Hill (Monday, 5 January)
- Jeffrey Yasskin (Monday, 5 January)
- Brad Hill (Monday, 5 January)
- Brad Hill (Monday, 5 January)
- Mark Watson (Monday, 5 January)
- Jim Manico (Monday, 5 January)
- Chris Palmer (Monday, 5 January)
- Chris Palmer (Monday, 5 January)
- Jeffrey Yasskin (Monday, 5 January)
- Mark Watson (Monday, 5 January)
- Chris Palmer (Monday, 5 January)
- Mark Watson (Monday, 5 January)
- Daniel Kahn Gillmor (Monday, 5 January)
- Chris Palmer (Monday, 5 January)
- Michal Zalewski (Monday, 5 January)
- Boris Zbarsky (Monday, 5 January)
- Jeffrey Yasskin (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Martin Thomson (Monday, 5 January)
- Boris Zbarsky (Monday, 5 January)
- Boris Zbarsky (Monday, 5 January)
- Brad Hill (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Martin Thomson (Monday, 5 January)
- yan (Monday, 5 January)
- Daniel Kahn Gillmor (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Daniel Kahn Gillmor (Monday, 5 January)
- Boris Zbarsky (Monday, 5 January)
- Tim Berners-Lee (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Mathias Bynens (Monday, 5 January)
- Tim Berners-Lee (Monday, 5 January)
- Anne van Kesteren (Monday, 5 January)
- Tim Berners-Lee (Monday, 5 January)
- Joel Weinberger (Friday, 2 January)
- Jim Manico (Friday, 2 January)
- Jim Manico (Friday, 2 January)
- Brad Hill (Friday, 2 January)
- Michal Zalewski (Friday, 2 January)
- Tim Berners-Lee (Friday, 2 January)
[REFERRER] Combination of referrer directive values
[SRI] format of the integrity attribute
- Francois Marier (Saturday, 31 January)
- Martin Thomson (Saturday, 31 January)
- Francois Marier (Saturday, 31 January)
- Anne van Kesteren (Friday, 30 January)
- Joel Weinberger (Friday, 30 January)
- Anne van Kesteren (Thursday, 29 January)
- Martin Thomson (Thursday, 29 January)
- Anne van Kesteren (Thursday, 29 January)
- Martin Thomson (Thursday, 29 January)
- Francois Marier (Thursday, 29 January)
- Devdatta Akhawe (Wednesday, 28 January)
- Daniel Veditz (Wednesday, 28 January)
- Francois Marier (Tuesday, 27 January)
[SRI] Getting sha-384 and sha-512 added to the RFC6920 registry?
[SRI] Include sha-384 in the spec?
[SRI] providing good defaults when the expected content type is missing?
[SRI] Reserving the "authority" component of NI URIs for later use?
[SRI] Suggesting Francois Marier (Mozilla) as editor
[SRI] unsupported hashes and invalid metadata
[webappsec] Teleconference Agenda, 12-Jan-2015 12:00 PST
Accessibility of security indicators
Adding window.opener control to referrer-policy?
Avoiding syncronous manifest requests in EPR
Cancelling next week's call?
- Jim Manico (Tuesday, 27 January)
- Brad Hill (Tuesday, 27 January)
- Crispin Cowan (Tuesday, 27 January)
- Crispin Cowan (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Crispin Cowan (Thursday, 22 January)
- Neil Matatall (Thursday, 22 January)
- Brad Hill (Thursday, 22 January)
- Brad Hill (Thursday, 22 January)
- Brad Hill (Thursday, 22 January)
CfC: Transition CSP2 to CR.
Comments on Mixed Content
CREDENTIAL: And now for something completely different...
CSP unsafe-eval alternative for a 'trusted' or 'eval-src: self'?
CSP Versions in Violation Reports
CSP3: DOM API Strawman
CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)
- Joel Weinberger (Thursday, 29 January)
- Brian Smith (Thursday, 29 January)
- Joel Weinberger (Thursday, 29 January)
- Anne van Kesteren (Thursday, 29 January)
- Mike West (Thursday, 29 January)
- Anne van Kesteren (Thursday, 29 January)
- Mike West (Thursday, 29 January)
- Anne van Kesteren (Thursday, 29 January)
- Mike West (Thursday, 29 January)
- Joel Weinberger (Thursday, 29 January)
- Mike West (Thursday, 29 January)
- Brian Smith (Wednesday, 28 January)
- Mike West (Wednesday, 28 January)
- Brian Smith (Monday, 26 January)
- Brad Hill (Thursday, 22 January)
- Brian Smith (Thursday, 22 January)
- Mike West (Thursday, 22 January)
- Brad Hill (Thursday, 22 January)
- Mike West (Thursday, 22 January)
- Brian Smith (Wednesday, 21 January)
- Brad Hill (Wednesday, 21 January)
- Mike West (Wednesday, 21 January)
optimistic HTTP → HTTPS [was: Re: Require HTTPS scripts to be able to anything HTTP scripts can do.]
Plugin data (was Re: Comments on Mixed Content)
postMessage, workers and sandboxing
POWER: Combining document and settings object checks.
Proposal: A pinning mechanism for CSP?
- Brad Hill (Friday, 30 January)
- Mike West (Friday, 30 January)
- Brad Hill (Friday, 30 January)
- Mike West (Friday, 30 January)
- Deian Stefan (Friday, 30 January)
- Yan Zhu (Friday, 30 January)
- Brad Hill (Friday, 30 January)
- Mike West (Friday, 30 January)
- Mike West (Friday, 30 January)
- Deian Stefan (Friday, 30 January)
- Mike West (Monday, 26 January)
- Yan Zhu (Friday, 23 January)
- Yan Zhu (Monday, 26 January)
- Brad Hill (Monday, 26 January)
- Jim Manico (Saturday, 24 January)
- Brad Hill (Saturday, 24 January)
- Jim Manico (Saturday, 24 January)
- Brad Hill (Friday, 23 January)
- Mike West (Friday, 23 January)
- Chris Palmer (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Brad Hill (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Mike West (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Mike West (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Anne van Kesteren (Friday, 23 January)
- Mike West (Friday, 23 January)
- Jim Manico (Friday, 23 January)
- Frederik Braun (Friday, 23 January)
- Mike West (Friday, 23 January)
Security use cases for packaging
- Chris Palmer (Friday, 30 January)
- Daniel Kahn Gillmor (Friday, 30 January)
- Yan Zhu (Friday, 30 January)
- Daniel Kahn Gillmor (Friday, 30 January)
- Yan Zhu (Friday, 30 January)
- Deian Stefan (Friday, 30 January)
- Ilya Grigorik (Thursday, 29 January)
- Devdatta Akhawe (Thursday, 29 January)
- Brad Hill (Thursday, 29 January)
- Yan Zhu (Thursday, 29 January)
- Chris Palmer (Thursday, 29 January)
- Yan Zhu (Thursday, 29 January)
Service workers and CSP
Strict mixed content checking (was Re: MIX: Exiting last call?)
- Daniel Veditz (Sunday, 25 January)
- Mike West (Thursday, 22 January)
- Brian Smith (Tuesday, 20 January)
- Tanvi Vyas (Tuesday, 20 January)
- Mike West (Tuesday, 20 January)
- Anne van Kesteren (Tuesday, 20 January)
- Mike West (Tuesday, 20 January)
- Mike West (Monday, 19 January)
- Brian Smith (Monday, 19 January)
- Mike West (Friday, 16 January)
- Tanvi Vyas (Thursday, 15 January)
webappsec-ACTION-209: Ask open data/linked data groups for info on data publishing for use in secure context
webappsec-ACTION-210: Move sri bugs in bugzilla to github
webappsec-ACTION-211: Ask github if they prefer fail open / closed on unknown hashes
Last message date: Saturday, 31 January 2015 04:10:26 UTC