IETF Logo Mail Archive

Re: [websec] WGLC feedback for X-Frame-Options

Tobias Gondrom <tobias.gondrom@gondrom.org> Sat, 22 June 2013 06:10 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7A6721F9DE4 for <websec@ietfa.amsl.com>; Fri, 21 Jun 2013 23:10:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.362
X-Spam-Level:
X-Spam-Status: No, score=-95.362 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JeTX+1nCioFq for <websec@ietfa.amsl.com>; Fri, 21 Jun 2013 23:10:24 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id E63E021F9DC6 for <websec@ietf.org>; Fri, 21 Jun 2013 23:10:23 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=CuWfRmgENdspH52PS8qOCTM7WFK1c8wPWVF2S5hDMadgnKf9/3u+LQB+3dKa70Uh/wiBq6Ob1oIHb0fqsZGJxnlf+bVZkU6b7hp/RpUshPds8tSrnBODXVKZ4uggJn4Q; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 1699 invoked from network); 22 Jun 2013 08:10:22 +0200
Received: from 198.82.247.60.static.bjtelecom.net (HELO ?172.31.8.88?) (60.247.82.198) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 22 Jun 2013 08:10:22 +0200
Message-ID: <51C53FCD.4000306@gondrom.org>
Date: Sat, 22 Jun 2013 14:10:21 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: websec@ietf.org
References: <509BE1F0.4010701@KingsMountain.com> <CAC4RtVB73u==2kW8DudYT1AcWxqCEbQw3f_z0zfq5rvQ_OE8-A@mail.gmail.com> <509C07EB.5090806@gondrom.org>
In-Reply-To: <509C07EB.5090806@gondrom.org>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] WGLC feedback for X-Frame-Options
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jun 2013 06:10:28 -0000

Dear websec fellows,

I just uploaded the latest version of XFO including the WGLC feedback I
received.
(Apologies for the delay, this happened due to some personal difficulties.)

I hope the new revision is satisfactory and we can go to IETF LC.
The changes were only very small:
- the "deprecation of X-" comment is in the introduction section incl.
reference to 6648
- and I removed the section 2.2.2 as recommended by Julian.

Best regards, Tobias





On 09/11/12 03:28, Tobias Gondrom wrote:
> On 08/11/12 14:22, Barry Leiba wrote:
>>> I suggest an explicit statement such as..
>>>
>>>    The purpose of this specification is to document existing practice.
>>>
>>> ..should appear in the abstract and the intoduction.
>> ...
>>> I wonder if also a note will be necessary to explain the use of the
>>> "X-"
>>> prefix in light of...
>>>
>>> 6648 Deprecating the "X-" Prefix and Similar Constructs in Application
>>>       Protocols. P. Saint-Andre, D. Crocker, M. Nottingham. June 2012.
>> These are, of course, related, and one statement can cover both.  I
>> can pretty much guarantee you'll get DISCUSSes from the IESG if you
>> don't do it.
>
> Thank you Jeff for reminding me. Forgot to include them.
> Well, as we already have PSA's RFC on that (which btw. inspired XFO,
> both (comment and reference) have been added to the text of working
> copy (released in next version after this week).
>
>
>>
>> Barry, as AD
>> _______________________________________________
>> websec mailing list
>> websec@ietf.org
>> https://www.ietf.org/mailman/listinfo/websec
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec

v2.23.0 | Report a Bug | By Email