Re: CSP3 as a polylithic set of modules? from Jim Manico on 2015-09-29 (public-webappsec@w3.org from September 2015)

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 28 Sep 2015 15:44:17 -1000
To: Brian Smith <brian@briansmith.org>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Mark Nottingham <mnot@mnot.net>, Travis Leithead <Travis.Leithead@microsoft.com>
Message-Id: <5A0B5493-DD26-4E72-A919-21C527862319@owasp.org>

May I suggest for category 1a:

"Features from later modules that are 'easy' to implement."

The browsers have been all over the map in terms of csp2 implementation and this idea of "browser implementation guidance" and modularization for csp3 is an excellent idea.

But I would hate to see "easy to implement" features from the latter modules take a overly long time to get rolled out.

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me at AppSecUSA 2015!

> On Sep 28, 2015, at 11:15 AM, Brian Smith <brian@briansmith.org> wrote:
> 
> 1. Features that everybody implements (approximately CSP 1).

Received on Tuesday, 29 September 2015 01:44:32 UTC