Re: WS/Service Workers, TLS and future apps - [was Re: HTTP is just fine]

2015-12-01 Thread Brad Hill
, especially since we know there are active attacks being mounted against this traffic on a regular basis. (This is why I suggested .onion sites as potentially secure contexts, which do not suffer from the same exposure outside of the Tor network.) -Brad On Tue, Dec 1, 2015 at 5:42 AM Aymeric Vitte <

Re: WS/Service Workers, TLS and future apps - [was Re: HTTP is just fine]

2015-11-30 Thread Brad Hill
I don't think there is universal agreement among browser engineers (if anyone agrees at all) with your assertion that the Tor protocol or even Tor hidden services are "more secure than TLS". TLS in modern browsers requires RSA 2048-bit or equivalent authentication, 128-bit symmetric key

Re: WS/Service Workers, TLS and future apps - [was Re: HTTP is just fine]

2015-11-30 Thread Brad Hill
e's time on this list. Please refrain from continuing down these paths. thank you, Brad Hill, as co-chair On Mon, Nov 30, 2015 at 6:25 PM Florian Bösch <pya...@gmail.com> wrote: > On Mon, Nov 30, 2015 at 10:45 PM, Richard Barnes <rbar...@mozilla.com> > wrote: > >> 1. Auth

Fwd: [webappsec] CfC: Proposed non-normative updates to CORS

2015-08-03 Thread Brad Hill
(Dang, just realized I forgot to include WebApps on this joint deliverable.) Members of WebApps, please note the below Call for Consensus on proposed non-normative updates to the CORS recommendation and comment on public-webapp...@w3.org by Monday, August 10, 2015. Thank you, Brad Hill co-chair

Re: CORS performance

2015-02-19 Thread Brad Hill
I think that POSTing JSON would probably expose to CSRF a lot of things that work over HTTP but don't expect to be interacted with by web browsers in that manner. That's why the recent JSON encoding for forms mandates that it be same-origin only. On Thu Feb 19 2015 at 12:23:48 PM Jonas Sicking

Re: CORS performance

2015-02-17 Thread Brad Hill
On both this, and CSP pinning, I find myself getting nervous about adding an increasing number of headers which, when sent by any resource, impact the security posture and functioning of an entire origin. HSTS and HPKP are somewhat special in that: they convey only a few bits of information. are

Re: Security use cases for packaging

2015-01-29 Thread Brad Hill
Paging (future Dr.) Deian Stefan to the ER... Any thoughts on using COWL for this kind of thing, with a pinned crypto key as a confinement label to be combined with the regular Origin label? -Brad On Thu Jan 29 2015 at 1:43:05 PM Yan Zhu y...@yahoo-inc.com wrote: chris palmer wrote: But

Re: No-context ACTION emails are confusing

2014-10-28 Thread Brad Hill
These are created automatically by the tracker, and the "create a new action" web form doesn't let you insert context until after the action is created. On 10/28/14, 2:47 AM, Anne van Kesteren ann...@annevk.nl wrote: Can we perhaps not post ACTION-creation emails to the list? --

Re: [webappsec + webapps] CORS to PR plans

2013-08-16 Thread Brad Hill
. Positive feedback is encouraged and silence will be considered assent. I have updated the target date for PR to 26-Sep-2013. Thank you, Brad Hill On Mon, Aug 5, 2013 at 4:48 PM, Brad Hill hillb...@gmail.com wrote: I'd like to issue this as a formal Call for Consensus at this point

Re: [webappsec + webapps] CORS to PR plans

2013-08-12 Thread Brad Hill
, 2013 at 3:47 PM, Brad Hill hillb...@gmail.com wrote: 1. Changed Fetch references. The CR document referenced the WHATWG Fetch spec in a number of places. This was problematic due to the maturity / stability requirements of the W3C for document advancement, and I feel also inappropriate