Re: [websec] I-D Action: draft-ietf-websec-x-frame-options-02.txt - status update

Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 26 February 2013 09:43 UTC

Hi all,

<hat="individual">

just a quick update on the status of the informational X-Frame-Options
draft.
First, let me thank everyone for the great reviews and feedback and
apologize for not posting the revised draft earlier. Was a little bit
occupied with other work items and also wanted to give enough time to
thoroughly incorporate all your feedback.

I am very grateful for your reviews and feedback and went through all
the emails and incorporated every bit of review feedback you gave me (in
some cases I received feedback from more than one person on an
individual paragraph in which case I chose the proposals that seemed the
best fit to me).

The revision includes the WGLC feedback from Adam, Alexey, Barry, Brad,
Dave, Jeff, Julian, Mark, Peter and Yoav. And I think it significantly
improved the quality of the draft, which before the WGLC still had a
few typos and sentences that were not clear to understand. I hope the revision
does not reflect a good improvement.

Personally, I do not think this update made any major changes to the
draft, especially as it is only documenting what is out there anyway. So
whether we want to re-initiate a second WGLC or submit this to the IESG
for LC, will be up to you and my co-chair Yoav and potentially Alexey
(if he is still volunteering to play I-D shepherd for this doc).

Best regards, Tobias




On 26/02/13 03:04, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the Web Security Working Group of the IETF.
>
> 	Title           : HTTP Header Field X-Frame-Options
> 	Author(s)       : David Ross
>                           Tobias Gondrom
> 	Filename        : draft-ietf-websec-x-frame-options-02.txt
> 	Pages           : 11
> 	Date            : 2013-02-25
>
> Abstract:
>    To improve the protection of web applications against Clickjacking,
>    this specification describes the X-Frame-Options HTTP response header
>    field that declares a policy communicated from the server to the
>    client browser on whether the browser may display the transmitted
>    content in frames that are part of other web pages.  This
>    informational document serves to document the existing use and
>    specification of this X-Frame-Options HTTP response header field.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-x-frame-options-02
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/