Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Daniel Veditz
On Wed, Feb 11, 2015 at 2:02 AM, Mike West wrote: > > >> https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html >> >> https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html >> >> Not many people are interested thus

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Brian Smith
Daniel Veditz wrote: > On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote: >> >> (1) The "Confinement with Origin Web Labels" deliverable is described >> in a way that makes it unclear what the deliverable would do. It >> should be clearer. Furthermore, the lack of clarity means we

Re: User Repositories on hg.mozilla.org are Now Non-Publishing (Action May Be Required)

2015-02-11 Thread Andrew Halberstadt
Thank you very much! This gets around the last major pain point with using bookmarks. And yes, changeset evolution please :).
On 10/02/15 06:37 PM, Gregory Szorc wrote:
Mercurial has a feature called "phases." When you push to a "publishing" repository, Mercurial sets the "phase" of the commit

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Eric Rescorla
On Wed, Feb 11, 2015 at 12:47 AM, Daniel Veditz wrote: > A new version of the charter has been uploaded that hopefully addresses > these objections > > On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron > wrote: > >> (1) The "Confinement with Origin Web Labels" deliverable is described >> in a

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Mike West
On Wed, Feb 11, 2015 at 11:20 AM, Jonas Sicking wrote: > On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren > wrote: > > On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking > wrote: > >> Has the group looked at expanding the feature set of cookies to allow > >> better CSRF protection? > > > > Mike

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Jonas Sicking
On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren wrote: > On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote: >> Has the group looked at expanding the feature set of cookies to allow >> better CSRF protection? > > Mike has: > > > https://mikewest.github.io/internetdrafts/origin-cookies/dr

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Mike West
On Wed, Feb 11, 2015 at 10:52 AM, Anne van Kesteren wrote: > On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote: > > Has the group looked at expanding the feature set of cookies to allow > > better CSRF protection? > This doesn't seem like a good fit for WebAppSec. Various IETF groups have g

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Anne van Kesteren
On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking wrote:
> Has the group looked at expanding the feature set of cookies to allow
> better CSRF protection?
Mike has:
https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
https://mikewest.github.io/internetd

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Jonas Sicking
On Wed, Feb 11, 2015 at 12:47 AM, Daniel Veditz wrote: > (2) The "Entry Point Regulation for Web Applications" deliverable seems >> >> to have serious risks of breaking the ability to link. It's not >> clear that the security benefits of this specification outweigh the >> risks to the

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

2015-02-11 Thread Daniel Veditz
A new version of the charter has been uploaded that hopefully addresses these objections
On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron wrote:
> (1) The "Confinement with Origin Web Labels" deliverable is described
> in a way that makes it unclear what the deliverable would do. It
> s