Re: [websec] Acceptance of draft-gondrom-frame-options-02.txt and draft-gondrom-x-frame-options-00.txt as WebSec WG documents

Peter Saint-Andre <stpeter@stpeter.im> Mon, 16 April 2012 18:14 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9D0E11E80AB for <websec@ietfa.amsl.com>; Mon, 16 Apr 2012 11:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.644
X-Spam-Level:
X-Spam-Status: No, score=-102.644 tagged_above=-999 required=5 tests=[AWL=-0.045, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2NY3iDERwchY for <websec@ietfa.amsl.com>; Mon, 16 Apr 2012 11:14:35 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4623A11E8093 for <websec@ietf.org>; Mon, 16 Apr 2012 11:14:34 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 408954005B; Mon, 16 Apr 2012 12:28:42 -0600 (MDT)
Message-ID: <4F8C6189.1090006@stpeter.im>
Date: Mon, 16 Apr 2012 12:14:33 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Chris Weber <chris@lookout.net>
References: <4F8B39B9.3060304@isode.com> <4F8C52B5.60809@stpeter.im> <4F8C5FD9.50005@lookout.net>
In-Reply-To: <4F8C5FD9.50005@lookout.net>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] Acceptance of draft-gondrom-frame-options-02.txt and draft-gondrom-x-frame-options-00.txt as WebSec WG documents
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2012 18:14:36 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/16/12 12:07 PM, Chris Weber wrote:

> Can we keep the document focused on the primary design goal - 
> controlling/preventing framing - and avoid lumping in other forms
> of attack that might piggyback on such framing?

Chris, just to be clear, are you objecting to acceptance of these
documents as starting points for progression within the working group
(i.e., do you think they are fatally flawed or not within the
charter), or are you providing technical feedback on the assumption
that they'll be accepted as working group items?

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+MYYkACgkQNL8k5A2w/vwmvQCglGJ8xp9AFFeKB63jxtGbVbuf
qhwAoMLyg4tuDx12C/z/Apelb7MI7c9h
=Dk8r
-----END PGP SIGNATURE-----