Re: [websec] WGLC for X-Frame-Options
Peter Saint-Andre <stpeter@stpeter.im> Wed, 14 November 2012 17:31 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A25021F85F3 for <websec@ietfa.amsl.com>; Wed, 14 Nov 2012 09:31:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.484
X-Spam-Level:
X-Spam-Status: No, score=-102.484 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GNfHyHSLYf7a for <websec@ietfa.amsl.com>; Wed, 14 Nov 2012 09:31:19 -0800 (PST)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id ADF0621F857D for <websec@ietf.org>; Wed, 14 Nov 2012 09:31:19 -0800 (PST)
Received: from [64.101.72.39] (unknown [64.101.72.39]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id CFC7940062 for <websec@ietf.org>; Wed, 14 Nov 2012 10:35:29 -0700 (MST)
Message-ID: <50A3D56A.9000000@stpeter.im>
Date: Wed, 14 Nov 2012 10:31:22 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
References: <D418C856-1FA9-4FA3-805D-6A44042B5A36@checkpoint.com>
In-Reply-To: <D418C856-1FA9-4FA3-805D-6A44042B5A36@checkpoint.com>
X-Enigmail-Version: 1.4.5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] WGLC for X-Frame-Options
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Nov 2012 17:31:20 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/23/12 4:39 PM, Yoav Nir wrote: > This is to initiate WGLC for the X-Frame-Options draft Lacking time for a thorough review, I'll provide only a few small suggestions (take them or leave them as you will)... Abstract "this standard defines" => "this document defines" Introduction OLD This draft is to document the current use of X-Frame-Options header and shall in the future be replaced by the Frame-Options [FRAME-OPTIONS] standard. NEW This specification provides informational documentation about the current definition and use of the X-Frame-Options header. Given that the "X-" construction is deprecated [RFC6648], the X-Frame-Options header will in the future be replaced by the Frame-Options [FRAME-OPTIONS] header. [note: I'm not sure if the migration from X-Frame-Options to Frame-Options is really motivated by the considerations in RFC 6648, thus you might not want to include the first clause of the second sentence above] IANA Considerations Does this header really belong in the permanent registry, given that there are already plans to deprecate it? Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCj1WoACgkQNL8k5A2w/vyW7wCg7HyBtBin75GMTLNdcbrzmN8F 9AkAnRr82AN+gGg/KwVLj5EQ8pqeVLJW =r3Hk -----END PGP SIGNATURE-----
- Re: [websec] WGLC for X-Frame-Options Yoav Nir
- [websec] WGLC for X-Frame-Options Yoav Nir
- Re: [websec] WGLC for X-Frame-Options Yoav Nir
- Re: [websec] WGLC for X-Frame-Options Alexey Melnikov
- Re: [websec] WGLC for X-Frame-Options Julian Reschke
- [websec] WGLC feedback for X-Frame-Options Julian Reschke
- Re: [websec] WGLC for X-Frame-Options Hill, Brad
- Re: [websec] WGLC for X-Frame-Options Peter Saint-Andre
- Re: [websec] WGLC feedback for X-Frame-Options Julian Reschke
- Re: [websec] WGLC feedback for X-Frame-Options Yoav Nir