that the term is defined
in another spec (e.g. HTML5, URL), but there's no cross-spec linking nor
explicit explanation that this is the case, so I'm guessing.
Does anyone have insight on this?
thanks,
=JeffH
.
=JeffH
a public mailing list [0] for pre-BoF discussion --
has...@ietf.org -- to which you can freely subscribe here:
https://www.ietf.org/mailman/listinfo/hasmat
We encourage all interested parties to join the hasmat@ mailing list and engage
in the on-going discussion there.
thanks,
=JeffH
Per Thomas' request, we'll be taking the Strict Transport Security (STS)
discussion - public-web-secur...@w3.org
I'll repost some selected messages from public-webapps@ over onto
public-web-security@ to get the ball rolling.
Thanks,
=JeffH
From: Eric Lawrence
Sent: Friday, October 09, 2009 11:42 AM
To: 'Steingruebl, Andy'; 'a...@adambarth.com'
Cc: Hodges, Jeff; 'Collin Jackson'
Subject: RE: Strict-Transport-Security specification
Hey, guys! You both asked me for feedback on the STS spec a while ago and I've
finally managed to
--- Forwarded Message
Date:Tue, 27 Oct 2009 22:20:28 -0700
From:Adam Barth w...@adambarth.com
To: Eric Lawrence eric...@exchange.microsoft.com
cc: public-webapps@w3.org public-webapps@w3.org
Subject: Re: FW: Feedback on the Strict-Transport-Security specification
Thanks
apologies for prior two msgs, I misaddressed them. mea culpa, =JeffH
. Also, I'll
start a separate thread wrt mixed content (aka mixed security context).
=JeffH
--
Adam replied:
On Tue, Oct 27, 2009 at 5:01 PM, Eric Lawrence
eric...@exchange.microsoft.com wrote:
[mixed content snipped]
[Section 2.4.2: Detailed Core Requirements]: 4.UAs need to re-write all
This addresses the remaining items in EricLaw's feedback.
I have a -06 spec rev opened up and spread around the garage here with various
fixes enhancements in progress...
=JeffH
--
Editorial issues [Section: Abstract] defines a mechanism to enabling Web
sites
fixed in -06
Transport Security) spec
discussion to public-web-security@ ?
thanks,
=JeffH
oauth-protocol-flow-diagrams
http://identitymeme.org/archives/2008/10/22/oauth-protocol-flow-diagrams/
http://identitymeme.org/doc/draft-hodges-oauth-05-figures.txt
HTH,
=JeffH
NoScript is a security-oriented Firefox extension...
--- Forwarded Message
Date:Sun, 20 Sep 2009 11:40:33 +0200
From:Giorgio Maone g.ma...@informaction.com
To: =JeffH jeff.hod...@kingsmountain.com
cc: W3C HTML WG public-h...@w3.org, wha...@whatwg.org
Subject: Re: [whatwg
this is presently designed.
But, we feel that given that a superdomain admin currently can do all sorts of
nasty things to a subdomain either malevolently/inadvertently (e.g. take 'em
out of the zone file) that this really doesn't alter the status quo.
Thanks for your feedback.
HTH,
=JeffH
specification but also explaining the
technique. But, adding explicit versioning is also a pain.
Below's a couple of quick examples/experiments with re-coding the STS header
field ABNF grammar using Hixie's ideas.
thoughts?
=JeffH
--
current STS header field syntax ABNF [RFC2616]:
Strict
forwarding on behalf of AndyS..
From: Steingruebl, Andy asteingru...@paypal.com
Sent: Saturday, September 19, 2009 8:25 AM
To: Jonas Sicking; =JeffH
Cc: public-webapps@w3.org; Hodges, Jeff; Adam Barth; Collin Jackson
Subject: RE: fyi: Strict Transport Security specification
-Original
,
=JeffH
PayPal InfoSec Team
Collin Jackson
Carnegie Mellon University
Adam Barth
University of California Berkeley
16 matches