[websec] WGLC for X-Frame-Options

Yoav Nir <ynir@checkpoint.com> Tue, 23 October 2012 22:39 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D59491F0C8E for <websec@ietfa.amsl.com>; Tue, 23 Oct 2012 15:39:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.583
X-Spam-Status: No, score=-10.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id AtGf5L+VR-4j for <websec@ietfa.amsl.com>; Tue, 23 Oct 2012 15:39:50 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com []) by ietfa.amsl.com (Postfix) with ESMTP id 07F1E1F0C3A for <websec@ietf.org>; Tue, 23 Oct 2012 15:39:49 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com []) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id q9NMdl9M016405 for <websec@ietf.org>; Wed, 24 Oct 2012 00:39:47 +0200
X-CheckPoint: {50871AA4-0-1B221DC2-2FFFF}
Received: from il-ex01.ad.checkpoint.com ([]) by il-ex01.ad.checkpoint.com ([]) with mapi; Wed, 24 Oct 2012 00:39:46 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: IETF WebSec WG <websec@ietf.org>
Date: Wed, 24 Oct 2012 00:39:45 +0200
Thread-Topic: WGLC for X-Frame-Options
Thread-Index: Ac2xb0zTHb33hMtRQwuRaMJzUgzEDQ==
Message-ID: <D418C856-1FA9-4FA3-805D-6A44042B5A36@checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [websec] WGLC for X-Frame-Options
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2012 22:39:50 -0000

Hi all

This is to initiate WGLC for the X-Frame-Options draft (not to be confused with the Frame-Options draft).

Please go to http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01, read the draft and send comments.

As usual, we would very much like to hear comments about clarity, thoroughness and applicability. Since this draft documents existing behavior, rather than prescribing future behavior, we would especially like to hear from people familiar with current implementations that support the X-Frame-Option header about whether the draft accurately describes the behavior of those implementations.

WGLC is usually for two weeks. However, the following two weeks include an IETF meeting, so I am extending this period to a little over three weeks. WGLC will end on Friday, November 16th. Please send your comments early, so that we might use our session in Atlanta to discuss issues that come up.