[websec] Same Origins and email

"Murray S. Kucherawy" <msk@cloudmark.com> Mon, 12 December 2011 19:01 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "websec@ietf.org" <websec@ietf.org>
Date: Mon, 12 Dec 2011 11:01:23 -0800

Hi all, long-time lurker, first-time poster.

I don't work in the web browser business so much as I do the messaging anti-abuse business.  But this stuff has gotten my attention.  Now that RFC6454 is published, I have a few questions about its possible application in my context.

My first question (probably of several): What is the origin of an HTML document when it's viewed in an HTML-aware MUA because it arrived by email?

-MSK