On Tue, Oct 27, 2009 at 12:39 PM, Daniel Veditz <dved...@mozilla.com> wrote: > I don't think we're having a technical argument, and we're not getting > the feedback we need to break the impasse in this limited forum.
I agree that we're not making progress in this discussion. At a high level, the approach of letting sites to restrict the privileges of their own content is a rich space for security mechanisms. My opinion is that the current CSP design is overly complex for the use cases it supports and insufficiently flexible as a platform for addressing future use cases. If I find the time, I'll send along a full design that tries to improve these aspects along the lines I've suggested in the foregoing discussion. Adam _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security