Re: FYI: RFC7762 established a registry of CSP directives from Richard Barnes on 2016-02-12 (public-webappsec@w3.org from February 2016)

From: Richard Barnes <rbarnes@mozilla.com>
Date: Fri, 12 Feb 2016 17:01:39 -0500
To: Brad Hill <hillbrad@gmail.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Mark Nottingham <mnot@mnot.net>, Dan Veditz <dveditz@mozilla.com>
Message-ID: <CAOAcki8tifjCZp5ZD3phRbrff4NQ+xDno4W+pnkn_XFBt21jzA@mail.gmail.com>

Indeed.  Happy to see W3C specs making use of IANA for extensibility.

On Fri, Feb 12, 2016 at 12:42 PM, Brad Hill <hillbrad@gmail.com> wrote:

> Yay!
>
> On Fri, Feb 12, 2016 at 4:08 AM Mike West <mkwst@google.com> wrote:
>
>> Hello, folks!
>>
>> We're moving towards a more modular future for CSP; as opposed to putting
>> everything into one monolithic doc that advances as a block, we're
>> splitting things up into various docs that can advance at their own rate.
>>
>> Thanks to mnot@ and others, https://tools.ietf.org/html/rfc7762
>> formalizes this split to some extent, providing a single location (
>> https://www.iana.org/assignments/content-security-policy-directives/content-security-policy-directives.xhtml#directives) that
>> collects all the directives that we (and others!) end up specifying. I'll
>> be adding super-exciting IANA sections to the various CSP modules we have
>> lying around, and I hope you'll do the same when you decide that you'd like
>> to specify your own directive(s).
>>
>> Thanks!
>>
>> -mike
>>
>

Received on Friday, 12 February 2016 22:02:08 UTC