, 2013 at 3:47 PM, Brad Hill hillb...@gmail.com wrote:
1. Changed Fetch references. The CR document referenced the WHATWG
spec in a number of places. This was problematic due to the maturity /
stability requirements of the W3C for document advancement, and I feel
feedback is encouraged and silence will be considered assent. I have
updated the target date for PR to 26-Sep-2013.
On Mon, Aug 5, 2013 at 4:48 PM, Brad Hill hillb...@gmail.com wrote:
I'd like to issue this as a formal Call for Consensus at this point
These are created automatically by the tracker, and the create a new
action web form doesn't let you insert context until after the action is
On 10/28/14, 2:47 AM, Anne van Kesteren ann...@annevk.nl wrote:
Can we perhaps not post ACTION-creation emails to the list?
On both this, and CSP pinning, I find myself getting nervous about adding
an increasing number of headers which, when sent by any resource, impact
the security posture and functioning of an entire origin. HSTS and HPKP
are somewhat special in that: they convey only a few bits of information.
I think that POSTing JSON would probably expose to CSRF a lot of things
that work over HTTP but don't expect to be interacted with by web browsers
in that manner. That's why the recent JSON encoding for forms mandates
that it be same-origin only.
On Thu Feb 19 2015 at 12:23:48 PM Jonas Sicking
Paging (future Dr.) Deian Stefan to the ER...
Any thoughts on using COWL for this kind of thing, with a pinned crypto key
as a confinement label to be combined with the regular Origin label?
On Thu Jan 29 2015 at 1:43:05 PM Yan Zhu y...@yahoo-inc.com wrote:
chris palmer wrote:
(Dang, just realized I forgot to include WebApps on this joint deliverable.)
Members of WebApps, please note the below Call for Consensus on proposed
non-normative updates to the CORS recommendation and comment on
public-webapp...@w3.org by Monday, August 10, 2015.
, especially since we know there are active
attacks being mounted against this traffic on a regular basis. (This is
why I suggested .onion sites as potentially secure contexts, which do not
suffer from the same exposure outside of the Tor network.)
On Tue, Dec 1, 2015 at 5:42 AM Aymeric Vitte <
I don't think there is universal agreement among browser engineers (if
anyone agrees at all) with your assertion that the Tor protocol or even Tor
hidden services are "more secure than TLS". TLS in modern browsers
requires RSA 2048-bit or equivalent authentication, 128-bit symmetric key
time on this list. Please refrain from continuing down these paths.
Brad Hill, as co-chair
On Mon, Nov 30, 2015 at 6:25 PM Florian Bösch <pya...@gmail.com> wrote:
> On Mon, Nov 30, 2015 at 10:45 PM, Richard Barnes <rbar...@mozilla.com>
>> 1. Auth
Mail list logo