Re: [websec] WGLC feedback for X-Frame-Options

Tobias Gondrom <tobias.gondrom@gondrom.org> Fri, 28 June 2013 08:19 UTC

Hi Julian,

thanks a lot!
Just uploaded the revised version correcting your two nits.

Best regards, Tobias


On 25/06/13 16:49, Julian Reschke wrote:
> On 2013-06-22 08:10, Tobias Gondrom wrote:
>> Dear websec fellows,
>>
>> I just uploaded the latest version of XFO including the WGLC feedback I
>> received.
>> (Apologies for the delay, this happened due to some personal
>> difficulties.)
>>
>> I hope the new revision is satisfactory and we can go to IETF LC.
>> The changes were only very small:
>> - the "deprecation of X-" comment is in the introduction section incl.
>> reference to 6648
>> - and I removed the section 2.2.2 as recommended by Julian.
>>
>> Best regards, Tobias
>
> Thanks.
>
> A few nits:
>
> In 2.2, I'd replace
>
>    The RFC 5234 [RFC5234] ABNF of the X-Frame-Options header is:
>
> by
>
>    The RFC 5234 [RFC5234] ABNF of the X-Frame-Options header field
> value is:
>
> (emphasis on *value*)
>
> (Also fix remaining instances of "header" to say "header field" for
> consistency).

Fixed the existing instance.
But I went through all the other instances and did not fix the remaining
instances, because most of them were semantically referring to the
header itself and not the specific field value and secondly some of them
were using the term "header field" which I believe captures the semantics
of the particular sentences appropriately. But let me know which
instance you think should be corrected as well.

>
> In the appendices, please fix the W3C references to include the author
> names and the publication status, see
> <http://greenbytes.de/tech/webdav/rfc2629xslt/w3c-references.html#ref-CR-CSP-20121115>
> and
> <http://greenbytes.de/tech/webdav/rfc2629xslt/w3c-references.html#ref-WD-CSP11-20130604>.

Thanks. I corrected the refs. And I guess we will also revisit the
reference links before publication in case there are any updates.

Best regards, Tobias

>
> Best regards, Julian