public-webappsec@w3.org from May 2015 by thread

[webappsec] Teleconference Monday June 1 CANCELLED Brad Hill (Friday, 29 May)

[credential management] Cross-origin credentials (was: Identity Credentials API Extension) Adrian Hope-Bailie (Friday, 29 May)

• Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension) Brad Hill (Friday, 29 May)
  • Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension) Adrian Hope-Bailie (Friday, 29 May)
    • Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension) Brad Hill (Friday, 29 May)
      • Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension) Anne van Kesteren (Saturday, 30 May)
        • Re: [credential management] Cross-origin credentials (was: Identity Credentials API Extension) Anders Rundgren (Saturday, 30 May)

Call for Exclusions (Update): Content Security Policy Pinning Coralie Mercier (Thursday, 28 May)

[SRI] review note 2 timeless (Wednesday, 27 May)

• Re: [SRI] review note 2 Francois Marier (Wednesday, 27 May)

[SRI] review note 1 timeless (Wednesday, 27 May)

• Re: [SRI] review note 1 Francois Marier (Wednesday, 27 May)

[REFERRER] 301 Redirections with cross origin and same origin nodes? Kristijan Burnik (Tuesday, 26 May)

• Re: [REFERRER] 301 Redirections with cross origin and same origin nodes? Jochen Eisinger (Wednesday, 27 May)
  • Re: [REFERRER] 301 Redirections with cross origin and same origin nodes? Kristijan Burnik (Wednesday, 27 May)

[mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS? Vic99999 (Saturday, 23 May)

• Re: [mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS? Vic99999 (Monday, 25 May)
  • Re: [mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS? Janusz Majnert (Tuesday, 26 May)
    • Re: [mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS? Brad Hill (Tuesday, 26 May)

[REFERRER] Referrer Policy Test Suite - The first batch is in! Kristijan Burnik (Friday, 22 May)

• Re: [REFERRER] Referrer Policy Test Suite - The first batch is in! Brad Hill (Friday, 22 May)

[credential management] Identity Credentials API Extension Manu Sporny (Thursday, 21 May)

• Re: [credential management] Identity Credentials API Extension Brad Hill (Wednesday, 27 May)
  • Re: [credential management] Identity Credentials API Extension Adrian Hope-Bailie (Wednesday, 27 May)
    • Re: [credential management] Identity Credentials API Extension Brad Hill (Wednesday, 27 May)
      • Re: [credential management] Identity Credentials API Extension Adrian Hope-Bailie (Thursday, 28 May)
        • Re: [credential management] Identity Credentials API Extension Brad Hill (Thursday, 28 May)

Logjam and Resetting Handshake Timers in Browsers Jeffrey Walton (Thursday, 21 May)

Harmonizing same-origin and cross-origin credentials Manu Sporny (Monday, 18 May)

• Re: Harmonizing same-origin and cross-origin credentials Anders Rundgren (Monday, 18 May)
• Re: Harmonizing same-origin and cross-origin credentials Brad Hill (Monday, 18 May)

Comments on Subresource integrity Watson Ladd (Saturday, 16 May)

• Re: Comments on Subresource integrity Devdatta Akhawe (Monday, 18 May)

SRI for preemptive cache validation Jeff Kaufman (Friday, 15 May)

• Re: SRI for preemptive cache validation Devdatta Akhawe (Monday, 18 May)
  • Re: SRI for preemptive cache validation Jeff Kaufman (Tuesday, 19 May)
• Re: SRI for preemptive cache validation Adam Langley (Monday, 18 May)
  • Re: SRI for preemptive cache validation Jeff Kaufman (Tuesday, 19 May)
• Re: SRI for preemptive cache validation Brian Smith (Tuesday, 19 May)
  • Re: SRI for preemptive cache validation Jeff Kaufman (Tuesday, 19 May)
    • Re: SRI for preemptive cache validation Jeff Kaufman (Tuesday, 19 May)
      • Re: SRI for preemptive cache validation Brian Smith (Thursday, 21 May)
        • Re: SRI for preemptive cache validation Jeff Kaufman (Thursday, 21 May)
          • Re: SRI for preemptive cache validation Brian Smith (Thursday, 21 May)
            • Re: SRI for preemptive cache validation Ilya Grigorik (Tuesday, 26 May)
            • Re: SRI for preemptive cache validation Brian Smith (Tuesday, 26 May)
            • Re: SRI for preemptive cache validation Martin Thomson (Tuesday, 26 May)

[CSP3] Question on the use case of the CSP request header 寒蕊 (Friday, 15 May)

• Re: [CSP3] Question on the use case of the CSP request header Brad Hill (Friday, 15 May)

[credential-management] Risk in same origin and SSL/TLS requirements Keiji Takeda (Wednesday, 13 May)

• Re: [credential-management] Risk in same origin and SSL/TLS requirements Brad Hill (Thursday, 14 May)
  • Re: [credential-management] Risk in same origin and SSL/TLS requirements Keiji Takeda (Thursday, 14 May)
• Re: [credential-management] Risk in same origin and SSL/TLS requirements Mike West (Sunday, 17 May)
  • Re: [credential-management] Risk in same origin and SSL/TLS requirements Keiji Takeda (Tuesday, 26 May)
    • Re: [credential-management] Risk in same origin and SSL/TLS requirements Mike West (Thursday, 28 May)
      • Re: [credential-management] Risk in same origin and SSL/TLS requirements Keiji Takeda (Thursday, 28 May)

Monday May 18 teleconference topics Daniel Veditz (Wednesday, 13 May)

• Re: Monday May 18 teleconference topics Mike West (Wednesday, 13 May)
  • Re: Monday May 18 teleconference topics David Ross (Wednesday, 13 May)
  • Re: Monday May 18 teleconference topics Manu Sporny (Thursday, 14 May)
    • Re: Monday May 18 teleconference topics Brad Hill (Thursday, 14 May)
    • Re: Monday May 18 teleconference topics Daniel Veditz (Friday, 15 May)
    • Re: Monday May 18 teleconference topics Mike West (Sunday, 17 May)
      • Re: Monday May 18 teleconference topics Wendy Seltzer (Monday, 18 May)

[SRI] Some new tests Brad Hill (Tuesday, 12 May)

• Re: [SRI] Some new tests Joel Weinberger (Tuesday, 12 May)
• Re: [SRI] Some new tests Brad Hill (Tuesday, 12 May)
  • Re: [SRI] Some new tests Brad Hill (Tuesday, 12 May)

[REFERRER] origin-when-crossorigin OR origin-when-cross-origin Jerry Qu (Saturday, 9 May)

• Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin Mike West (Monday, 11 May)
  • Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin Sid Stamm (Monday, 11 May)
    • Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin Mike West (Tuesday, 12 May)
      • Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin Anne van Kesteren (Thursday, 14 May)
        • Re: [REFERRER] origin-when-crossorigin OR origin-when-cross-origin Mike West (Sunday, 17 May)

Proposal: Two changes to iframe@sandbox Mike West (Monday, 11 May)

• Re: Proposal: Two changes to iframe@sandbox Oda, Terri (Wednesday, 13 May)

[Bug 28620] New: vbvcb bugzilla@jessica.w3.org (Saturday, 9 May)

Abusing HTTP status codes to deanonymize web users Ahmed Elsobky (Thursday, 7 May)

• Re: Abusing HTTP status codes to deanonymize web users Anne van Kesteren (Friday, 8 May)
• Re: Abusing HTTP status codes to deanonymize web users Ahmed Elsobky (Friday, 8 May)
  • Re: Abusing HTTP status codes to deanonymize web users Anne van Kesteren (Friday, 8 May)

[SRI] Comments on Subresource Integrity spec Gervase Markham (Thursday, 7 May)

• Re: [SRI] Comments on Subresource Integrity spec Joel Weinberger (Friday, 8 May)
  • Re: [SRI] Comments on Subresource Integrity spec Gervase Markham (Monday, 11 May)
    • Re: [SRI] Comments on Subresource Integrity spec Daniel Veditz (Monday, 11 May)
      • Re: [SRI] Comments on Subresource Integrity spec Gervase Markham (Tuesday, 12 May)
    • Re: [SRI] Comments on Subresource Integrity spec Joel Weinberger (Tuesday, 12 May)
      • Re: [SRI] Comments on Subresource Integrity spec Joel Weinberger (Tuesday, 12 May)
      • Re: [SRI] Comments on Subresource Integrity spec Gervase Markham (Tuesday, 12 May)
        • Re: [SRI] Comments on Subresource Integrity spec Joel Weinberger (Wednesday, 13 May)
          • Re: [SRI] Comments on Subresource Integrity spec Devdatta Akhawe (Sunday, 17 May)
            • Re: [SRI] Comments on Subresource Integrity spec Gervase Markham (Monday, 18 May)
• Re: [SRI] Comments on Subresource Integrity spec Devdatta Akhawe (Monday, 18 May)
  • Re: [SRI] Comments on Subresource Integrity spec Gervase Markham (Monday, 18 May)
    • Re: [SRI] Comments on Subresource Integrity spec Devdatta Akhawe (Monday, 18 May)
      • Re: [SRI] Comments on Subresource Integrity spec Joel Weinberger (Monday, 18 May)
        • Re: [SRI] Comments on Subresource Integrity spec Devdatta Akhawe (Monday, 18 May)
          • Re: [SRI] Comments on Subresource Integrity spec Frederik Braun (Tuesday, 19 May)

[SRI] integrity + login looks broken Manger, James (Thursday, 7 May)

• Re: [SRI] integrity + login looks broken Devdatta Akhawe (Sunday, 17 May)
  • Re: [SRI] integrity + login looks broken Anne van Kesteren (Monday, 18 May)
  • RE: [SRI] integrity + login looks broken Manger, James (Monday, 18 May)

[SRI] Requiring CORS for SRI Tanvi Vyas (Wednesday, 6 May)

• Re: [SRI] Requiring CORS for SRI Brad Hill (Wednesday, 6 May)
  • Re: [SRI] Requiring CORS for SRI Devdatta Akhawe (Thursday, 7 May)
  • Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Thursday, 7 May)
• Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Thursday, 7 May)
• Re: [SRI] Requiring CORS for SRI Francois Marier (Thursday, 7 May)
  • Re: [SRI] Requiring CORS for SRI Frederik Braun (Thursday, 7 May)
    • Re: [SRI] Requiring CORS for SRI Wendy Seltzer (Thursday, 7 May)
      • Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Thursday, 7 May)
        • Re: [SRI] Requiring CORS for SRI Wendy Seltzer (Thursday, 7 May)
          • Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Thursday, 7 May)
            • Re: [SRI] Requiring CORS for SRI Brad Hill (Thursday, 7 May)
            • Re: [SRI] Requiring CORS for SRI Austin William Wright (Friday, 8 May)
            • Re: [SRI] Requiring CORS for SRI Joel Weinberger (Friday, 8 May)
            • Re: [SRI] Requiring CORS for SRI Austin William Wright (Friday, 8 May)
            • Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Saturday, 9 May)
            • Re: [SRI] Requiring CORS for SRI Austin William Wright (Saturday, 9 May)
            • Re: [SRI] Requiring CORS for SRI Anne van Kesteren (Saturday, 9 May)
            • Re: [SRI] Requiring CORS for SRI Austin William Wright (Saturday, 9 May)
            • Re: [SRI] Requiring CORS for SRI Jeffrey Yasskin (Saturday, 9 May)
    • The jQuery CDN has enabled CORS (Re: [SRI] Requiring CORS for SRI) Frederik Braun (Monday, 18 May)
      • Re: The jQuery CDN has enabled CORS (Re: [SRI] Requiring CORS for SRI) Brad Hill (Monday, 18 May)

Re: CfC: Subresource Integrity (SRI) to Last Call? Frederik Braun (Wednesday, 6 May)

• Re: CfC: Subresource Integrity (SRI) to Last Call? Anne van Kesteren (Wednesday, 6 May)

Microsoft is considering Chrome's Native Messaging Anders Rundgren (Tuesday, 5 May)

Permissions API vs local APIs Anne van Kesteren (Tuesday, 5 May)

• Re: Permissions API vs local APIs Jonas Sicking (Tuesday, 5 May)
  • Re: Permissions API vs local APIs Mike West (Tuesday, 5 May)
    • Re: Permissions API vs local APIs Anne van Kesteren (Wednesday, 6 May)
      • Re: Permissions API vs local APIs Michael van Ouwerkerk (Wednesday, 6 May)
        • Re: Permissions API vs local APIs Miguel Garcia (Wednesday, 6 May)
          • Re: Permissions API vs local APIs Jonas Sicking (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Anne van Kesteren (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Doug Turner (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Jonas Sicking (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Doug Turner (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Mounir Lamouri (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Marcos Caceres (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Martin Thomson (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Miguel Garcia (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Anne van Kesteren (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Miguel Garcia (Wednesday, 6 May)
            • Re: Permissions API vs local APIs Anne van Kesteren (Wednesday, 6 May)

[webappsec] proposed Teleconference Agenda 4-May-2015 (Subresource Integrity) Frederik Braun (Monday, 4 May)

• Re: [webappsec] proposed Teleconference Agenda 4-May-2015 (Subresource Integrity) Brad Hill (Monday, 4 May)

Re: [CSP2] Preventing page navigation to untrusted sources Deian Stefan (Wednesday, 29 April)

Re: [REFERRER] policy inheritance via javascript: URI and new document Sid Stamm (Friday, 1 May)

• Re: [REFERRER] policy inheritance via javascript: URI and new document Mike West (Friday, 1 May)
  • Re: [REFERRER] policy inheritance via javascript: URI and new document Sid Stamm (Friday, 1 May)

Re: F2F Meeting? Mark Nottingham (Friday, 1 May)

Re: [webappsec] Monday Teleconference HOMEWORK Francois Marier (Friday, 1 May)

Last message date: Saturday, 30 May 2015 04:14:22 UTC