Re: [HASMAT] X-FRAME-OPTIONS

Adam Barth <ietf@adambarth.com> Thu, 09 September 2010 17:17 UTC

In-Reply-To: <4C89154C.50903@att.com>
References: <4C88AD91.4090301@gmx.de> <4C89154C.50903@att.com>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 9 Sep 2010 10:16:56 -0700
Message-ID: <AANLkTi=3kZ5gCdGw=kkOk-kbY1cW_j7oooei8-+dhxaT@mail.gmail.com>
To: Tony Hansen <tony@att.com>
Cc: IETF HASMAT list <hasmat@ietf.org>
Subject: Re: [HASMAT] X-FRAME-OPTIONS

We could add support for Frame-Options, but we would likely not remove
support for X-Frame-Options.  The name was chosen by Microsoft when
they shipped IE8.

Adam


On Thu, Sep 9, 2010 at 10:11 AM, Tony Hansen <tony@att.com> wrote:
> Has the ship sailed with respect to naming the header "FRAME-OPTIONS"
> instead of "X-FRAME-OPTIONS"?
>
>    Tony Hansen
>
> On 9/9/2010 5:49 AM, Julian Reschke wrote:
>>
>> Hi,
>>
>> see
>>
>>
>> <http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx>
>> and <http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/>.
>>
>> Is this something the WG should consider as well?
>>
>> Best regards, Julian