[websec] Review request for a few WebAppSec specs.

"Hill, Brad" <bhill@paypal.com> Tue, 16 September 2014 21:09 UTC

From: "Hill, Brad" <bhill@paypal.com>
To: "websec@ietf.org" <websec@ietf.org>
Date: Tue, 16 Sep 2014 21:09:05 +0000
Message-ID: <3372A5C3-5F06-4F3D-BB85-889EB112313B@paypal.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/vy0XvXuNHxNYoVQ7E8M56tUcmB0
Cc: Joel Weinberger <jww@google.com>, Frederik Braun <fbraun@mozilla.com>, Jochen Eisinger <eisinger@google.com>, Mike West <mkwst@google.com>, Adam Barth <w3c@adambarth.com>
Subject: [websec] Review request for a few WebAppSec specs.
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>

BCC: public-webappsec@, FYI.
CC: <WebAppSec editors/chairs>

Hello IETF WebSec folks,

The WebAppSec WG over at the W3C has a few specifications in flight for which we're actively seeking feedback. One or more of them might be interesting to you; if you have some spare time, we'd very much appreciate your feedback:

CSP2: https://w3c.github.io/webappsec/specs/content-security-policy/
Mixed Content: https://w3c.github.io/webappsec/specs/mixedcontent/
Referrer Policy: https://w3c.github.io/webappsec/specs/referrer-policy/
Subresource Integrity: https://w3c.github.io/webappsec/specs/subresourceintegrity/

The first three are in pretty good shape both in terms of the spec text and implementations. The last (SRI) would be more of a pre-review, but would still be helpful for us.

Thanks!

Brad Hill