Re: [websec] WGLC feedback for X-Frame-Options
Tobias Gondrom <tobias.gondrom@gondrom.org> Sat, 22 June 2013 06:10 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7A6721F9DE4 for <websec@ietfa.amsl.com>; Fri, 21 Jun 2013 23:10:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.362
X-Spam-Level:
X-Spam-Status: No, score=-95.362 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JeTX+1nCioFq for <websec@ietfa.amsl.com>; Fri, 21 Jun 2013 23:10:24 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id E63E021F9DC6 for <websec@ietf.org>; Fri, 21 Jun 2013 23:10:23 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=CuWfRmgENdspH52PS8qOCTM7WFK1c8wPWVF2S5hDMadgnKf9/3u+LQB+3dKa70Uh/wiBq6Ob1oIHb0fqsZGJxnlf+bVZkU6b7hp/RpUshPds8tSrnBODXVKZ4uggJn4Q; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 1699 invoked from network); 22 Jun 2013 08:10:22 +0200
Received: from 198.82.247.60.static.bjtelecom.net (HELO ?172.31.8.88?) (60.247.82.198) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 22 Jun 2013 08:10:22 +0200
Message-ID: <51C53FCD.4000306@gondrom.org>
Date: Sat, 22 Jun 2013 14:10:21 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: websec@ietf.org
References: <509BE1F0.4010701@KingsMountain.com> <CAC4RtVB73u==2kW8DudYT1AcWxqCEbQw3f_z0zfq5rvQ_OE8-A@mail.gmail.com> <509C07EB.5090806@gondrom.org>
In-Reply-To: <509C07EB.5090806@gondrom.org>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] WGLC feedback for X-Frame-Options
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jun 2013 06:10:28 -0000
Dear websec fellows, I just uploaded the latest version of XFO including the WGLC feedback I received. (Apologies for the delay, this happened due to some personal difficulties.) I hope the new revision is satisfactory and we can go to IETF LC. The changes were only very small: - the "deprecation of X-" comment is in the introduction section incl. reference to 6648 - and I removed the section 2.2.2 as recommended by Julian. Best regards, Tobias On 09/11/12 03:28, Tobias Gondrom wrote: > On 08/11/12 14:22, Barry Leiba wrote: >>> I suggest an explicit statement such as.. >>> >>> The purpose of this specification is to document existing practice. >>> >>> ..should appear in the abstract and the intoduction. >> ... >>> I wonder if also a note will be necessary to explain the use of the >>> "X-" >>> prefix in light of... >>> >>> 6648 Deprecating the "X-" Prefix and Similar Constructs in Application >>> Protocols. P. Saint-Andre, D. Crocker, M. Nottingham. June 2012. >> These are, of course, related, and one statement can cover both. I >> can pretty much guarantee you'll get DISCUSSes from the IESG if you >> don't do it. > > Thank you Jeff for reminding me. Forgot to include them. > Well, as we already have PSA's RFC on that (which btw. inspired XFO, > both (comment and reference) have been added to the text of working > copy (released in next version after this week). > > >> >> Barry, as AD >> _______________________________________________ >> websec mailing list >> websec@ietf.org >> https://www.ietf.org/mailman/listinfo/websec > > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec
- Re: [websec] WGLC feedback for X-Frame-Options =JeffH
- Re: [websec] WGLC feedback for X-Frame-Options Barry Leiba
- Re: [websec] WGLC feedback for X-Frame-Options Tobias Gondrom
- Re: [websec] WGLC feedback for X-Frame-Options Peter Saint-Andre
- Re: [websec] WGLC feedback for X-Frame-Options Tobias Gondrom
- Re: [websec] WGLC feedback for X-Frame-Options Julian Reschke
- Re: [websec] WGLC feedback for X-Frame-Options Tobias Gondrom