Re: [HASMAT] X-FRAME-OPTIONS

Tony Hansen <tony@att.com> Thu, 09 September 2010 17:11 UTC

Has the ship sailed with respect to naming the header "FRAME-OPTIONS" 
instead of "X-FRAME-OPTIONS"?

     Tony Hansen

On 9/9/2010 5:49 AM, Julian Reschke wrote:
> Hi,
>
> see
>
> <http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx> 
> and <http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/>.
>
> Is this something the WG should consider as well?
>
> Best regards, Julian