Re: [HASMAT] X-FRAME-OPTIONS

Adam Barth <ietf@adambarth.com> Thu, 09 September 2010 14:00 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: hasmat@core3.amsl.com
Delivered-To: hasmat@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AAADA3A6841 for <hasmat@core3.amsl.com>; Thu, 9 Sep 2010 07:00:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.053
X-Spam-Level:
X-Spam-Status: No, score=-2.053 tagged_above=-999 required=5 tests=[AWL=-0.076, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJiqB+Csdkfr for <hasmat@core3.amsl.com>; Thu, 9 Sep 2010 07:00:09 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by core3.amsl.com (Postfix) with ESMTP id 87A8B3A686A for <hasmat@ietf.org>; Thu, 9 Sep 2010 07:00:09 -0700 (PDT)
Received: by vws10 with SMTP id 10so1436016vws.31 for <hasmat@ietf.org>; Thu, 09 Sep 2010 07:00:37 -0700 (PDT)
Received: by 10.220.128.201 with SMTP id l9mr721495vcs.73.1284040836759; Thu, 09 Sep 2010 07:00:36 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id r15sm882917vbp.10.2010.09.09.07.00.35 (version=SSLv3 cipher=RC4-MD5); Thu, 09 Sep 2010 07:00:35 -0700 (PDT)
Received: by iwn3 with SMTP id 3so1359751iwn.31 for <hasmat@ietf.org>; Thu, 09 Sep 2010 07:00:34 -0700 (PDT)
Received: by 10.231.59.13 with SMTP id j13mr11880417ibh.77.1284040834311; Thu, 09 Sep 2010 07:00:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.143.1 with HTTP; Thu, 9 Sep 2010 07:00:04 -0700 (PDT)
In-Reply-To: <4C88AD91.4090301@gmx.de>
References: <4C88AD91.4090301@gmx.de>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 09 Sep 2010 07:00:04 -0700
Message-ID: <AANLkTi=TZ2Z+2fo7B0+wid2K1zTKxAQo4V974RSvw34M@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: IETF HASMAT list <hasmat@ietf.org>
Subject: Re: [HASMAT] X-FRAME-OPTIONS
X-BeenThere: hasmat@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HTTP Application Security Minus Authentication and Transport <hasmat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hasmat>
List-Post: <mailto:hasmat@ietf.org>
List-Help: <mailto:hasmat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Sep 2010 14:00:10 -0000

We could.  I'd be happy to edit it.  There's isn't much (any?)
flexibility in the protocol though.

Adam


On Thu, Sep 9, 2010 at 2:49 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> Hi,
>
> see
>
> <http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx>
> and <http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/>.
>
> Is this something the WG should consider as well?
>
> Best regards, Julian
> _______________________________________________
> HASMAT mailing list
> HASMAT@ietf.org
> https://www.ietf.org/mailman/listinfo/hasmat
>