Re: [websec] Last Call: <draft-ietf-websec-x-frame-options-07.txt> (HTTP Header Field X-Frame-Options) to Informational RFC
Peter Saint-Andre <stpeter@stpeter.im> Mon, 29 July 2013 13:59 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 857AF21F9A29; Mon, 29 Jul 2013 06:59:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.454
X-Spam-Level:
X-Spam-Status: No, score=-102.454 tagged_above=-999 required=5 tests=[AWL=0.145, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qmKA-OyBZiUa; Mon, 29 Jul 2013 06:58:54 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id AECE711E80F1; Mon, 29 Jul 2013 06:57:43 -0700 (PDT)
Received: from dhcp-10f3.meeting.ietf.org (unknown [130.129.16.243]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 0870B40049; Mon, 29 Jul 2013 07:59:50 -0600 (MDT)
Message-ID: <51F674D4.8010603@stpeter.im>
Date: Mon, 29 Jul 2013 15:57:40 +0200
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: IETF list <ietf@ietf.org>
References: <20130729093755.20677.91084.idtracker@ietfa.amsl.com>
In-Reply-To: <20130729093755.20677.91084.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: websec@ietf.org
Subject: Re: [websec] Last Call: <draft-ietf-websec-x-frame-options-07.txt> (HTTP Header Field X-Frame-Options) to Informational RFC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2013 13:59:04 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 7/29/13 11:37 AM, The IESG wrote: > > The IESG has received a request from the Web Security WG (websec) > to consider the following document: - 'HTTP Header Field > X-Frame-Options' <draft-ietf-websec-x-frame-options-07.txt> as > Informational RFC Section 1 states: This specification provides informational documentation about the current use and definition of the X-Frame-Options HTTP header field. Given that the "X-" construction is deprecated [RFC6648], the X -Frame-Options header field will in the future be replaced by the Frame-Options directive in the Content Security Policy Version 1.1 [CSP-1-1]. IMO, RFC 6648 does not necessitate deprecating the X-Frame-Options header field in favor of the Frame-Options header field, since RFC 6648 is not retroactive. We might want to make the relationship clearer here. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJR9nTUAAoJEOoGpJErxa2p+j0QAIh/eaMB0hj8C0YwFphmDE6w bBnOaqLAEtb1A269cx9Uzx0+gjnQz+9PI0wvrev08kKWR4DFNxXNKAGC8rxJx6T/ dXcB3WjwDAg7iinoL+LRcP5ionE9519gU6V65Ff4IpkBpFiY2KhkC6FKV1AgeH7C EIIpjHNH2dzeDQSBkYY1WGk5xDcXwoo+isUhF8TXhSf9mwY0NrUD2zO3UDDiAf// ZTWbAH1vvMl4BDduq1bSt0Yt0H4gBtOOjeo86N0EsfHNoPPSOmHQ/4aX18rGa7/A 7ddk5GXFRmaLR6zLXCrOIWc+RSe5rIHOKk1Im2OC/S7D/t1zaDhRROLIekMGZafa ySOo2dih/tQav7uAkdzDQr1HQ9LRRkzx5EnIdrbrVJGIPuDnOfvZ2ddE+7LDLQB7 SiZdacYVAKa3whaDiY4i2JVduv/2LyHG+JUhMDtD+J8PYSf4gPLRC4l8XqneIri7 9X+3UIW+I34c9mopbzwD+UiB+gPaHcBGKE3+LEBPJM1/+sUh7uM0Pm5SaU9NvXP1 VlR8H9cnvjf7DBm/p+cZ/hQiy78f/Zox/zRobeVlZUoW/+o4jqunYJA0EBNqHSKp 4hm2fBWMfQZZdVhYymHGY8+uhhKGp6U/fqJ95J6fwtlQhvo+O3MwzGywhHFFsgJV fVAvCigEvz3XX+RfaVJq =VZfS -----END PGP SIGNATURE-----
- [websec] Last Call: <draft-ietf-websec-x-frame-op… The IESG
- Re: [websec] Last Call: <draft-ietf-websec-x-fram… Peter Saint-Andre