Hi Anne,
This is part of a starting point proposal for the new working group; we expect
the documents to change. It's a great time to suggest revisions; please feel
free to suggest your text. I've put the initial I-Ds on github for easier
editing: https://github.com/TokenBinding/Internet-Drafts
Cheers,
Andrei
-Original Message-
From: Unbearable [mailto:unbearable-boun...@ietf.org] On Behalf Of Anne van
Kesteren
Sent: Wednesday, February 11, 2015 4:19 AM
To: Arthur Barstow
Cc: public-webapps; unbeara...@ietf.org; WebAppSec WG
Subject: Re: [Unbearable] IETF seeking feedback on proposed Token Binding
Working Group
On Wed, Feb 11, 2015 at 1:10 PM, Arthur Barstow art.bars...@gmail.com wrote:
WebApps - please note the draft spec includes a new XHR property
withRefererTokenBindingID
https://tools.ietf.org/html/draft-balfanz-https-token-binding-00#section-3.4.
If anyone has feedback about the proposal, please send it to the
unbearable @ ietf.org list. However, comments related to the XHR
aspect should be Cc/Bcc to public-webapps.
Relatively recently we decided not to extend XMLHttpRequest further and
prioritize fetch().
Can we expect a more concrete proposal to revise either or is this it?
One problem with this proposal is that it does not use the Sec-* convention for
headers so the header can be spoofed...
--
https://annevankesteren.nl/
___
Unbearable mailing list
unbeara...@ietf.org
https://www.ietf.org/mailman/listinfo/unbearable
