websec Discussion Archive - Thread Index
[Prev Page] [Next Page] [Date Index]
[IETF Mailing List Directory]
[websec List Information]
- [websec] new rev: draft-ietf-websec-strict-transport-sec-08,
=JeffH
- [websec] I-D Action: draft-ietf-websec-strict-transport-sec-08.txt,
internet-drafts
- [websec] #45: HSTS: Alexey's editorial comments on -06,
websec issue tracker
- Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt),
=JeffH
- [websec] Frame-Options: Why a header and not a CSP directive?,
Adam Barth
- [websec] new rev: draft-ietf-websec-strict-transport-sec-07,
=JeffH
- [websec] I-D Action: draft-ietf-websec-strict-transport-sec-07.txt,
internet-drafts
- Re: [websec] IETF WebSec WG <websec at ietf.org>,
=JeffH
- Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06,
=JeffH
- [websec] #44: terminology for referring to complete domain name (FQDN) possibly containing IDN labels,
websec issue tracker
- [websec] #43: HSTS: cite draft-reschke-http-status-308 and mention HTTP status code 308 ?,
websec issue tracker
- [websec] Minutes for the Paris (IETF 83) meeting,
Alexey Melnikov
- [websec] AppsDir review of draft-ietf-websec-strict-transport-sec,
Murray S. Kucherawy
- Re: [websec] ACTION-686: Sniffing,
Julian Reschke
- Re: [websec] #39: appropriately acknowlege and accommodate DANE,
=JeffH
- [websec] comments on -frame-options and -x-frame-options drafts,
Chris Weber
- [websec] Acceptance of draft-gondrom-frame-options-02.txt and draft-gondrom-x-frame-options-00.txt as WebSec WG documents,
Alexey Melnikov
- [websec] Review of draft-ietf-websec-strict-transport-sec-06.txt,
Alexey Melnikov
- [websec] OWASP AppSec Research EU CFP/CFT,
OWASP AppSec EU
- [websec] IETF-83 WebSec Session minutes?,
=JeffH
- [websec] Issue #42,
Yoav Nir
- [websec] Issue #41,
Yoav Nir
- [websec] #42: STS exception for CRL fetching,
websec issue tracker
- [websec] #41: add parameter indicating whether to hardfail or not,
websec issue tracker
- [websec] #40: Various editorial comments on -06,
websec issue tracker
- [websec] #39: appropriately acknowlege and accommodate DANE,
websec issue tracker
- [websec] new rev: draft-ietf-websec-strict-transport-sec-06,
=JeffH
- [websec] HSTS ABNF still broken: requires leading semi-colon,
=JeffH
- [websec] websec meeting in Paris - agenda topics?,
Tobias Gondrom
- [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06 until April-9,
Tobias Gondrom
- [websec] I-D Action: draft-ietf-websec-strict-transport-sec-06.txt,
internet-drafts
- [websec] #38: HSTS : Editorial Comments,
websec issue tracker
- Re: [websec] WG Last Call for -strict-transport-sec-05 - COMMENTS,
=JeffH
- [websec] #37: Clarify that superdomain HSTS flag does not update max-age of subdomain's HSTS max-age and vice versa,
websec issue tracker
- Re: [websec] #13: clarify that max-age=0 will cause UA to forget a known HSTS host,
websec issue tracker
- [websec] WG Last Call for -strict-transport-sec-05 ?,
=JeffH
- [websec] new rev: draft-ietf-websec-strict-transport-sec-05,
=JeffH
- [websec] I-D Action: draft-ietf-websec-strict-transport-sec-05.txt,
internet-drafts
- [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
Julian Reschke
- <Possible follow-ups>
- [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- [websec] Fwd: I-D Action: draft-nir-websec-extended-origin-02.txt,
Yoav Nir
- [websec] Frame-Options header and intermediate frames,
David Ross
- [websec] Outstanding Issues on draft-ietf-websec-key-pinning-01,
Tom Ritter
- [websec] Fwd: I-D Action: draft-nir-websec-extended-origin-00.txt,
Yoav Nir
- Re: [websec] #36: HSTS: fixup references,
=JeffH
- [websec] proposed workflow for trac issue tickets (HSTS),
=JeffH
- [websec] new rev: draft-ietf-websec-strict-transport-sec-04,
=JeffH
- [websec] I-D Action: draft-ietf-websec-strict-transport-sec-04.txt,
internet-drafts
- [websec] #36: HSTS: fixup references,
websec issue tracker
- [websec] #35: HSTS spec could be more clear about UA behavior behind proxies,
websec issue tracker
- [websec] TheRightKey at ietf.org -- next gen broad user-facing internet trust infrastructure discussion,
=JeffH
- [websec] preparing for Paris,
Peter Saint-Andre
- [websec] Minor feedback on draft-ietf-websec-mime-sniff-03,
Willy Tarreau
- [websec] #34: HSTS cache manipulation and misuse by server enabled by wildcard cert,
websec issue tracker
- [websec] of quoted-string header field param value syntax (was: Strict-Transport-Security syntax redux),
=JeffH
- [websec] scope of mimesniff: roles vs. contexts vs. delivery channels,
Larry Masinter
- [websec] When is sniffing heuristic?,
Larry Masinter
- [websec] Is sniffing a heuristic? (was Re: more on sniffing),
Adam Barth
- [websec] more on sniffing,
Larry Masinter
- [websec] #33: HSTS: quoted-string grammar in (extension) directives ?,
websec issue tracker
- [websec] default value for max-age ? (was: Re: Strict-Transport-Security syntax redux),
=JeffH
- [websec] draft-ietf-websec-strict-transport-sec-03 reference nits,
Julian Reschke
- [websec] #32: HSTS: explain some practical implications of includeSubDomains directive,
websec issue tracker
- [websec] wrt IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec,
=JeffH
- [websec] Minutes for the WebSec meeting in Taipei,
Alexey Melnikov
- [websec] FYI: related drafts on securing TSL and certificates,
Tobias Gondrom
- [websec] X-Requested-With header field,
Julian Reschke
- [websec] Test of XHR in HTML mail,
Richard Barnes
- [websec] Same Origins and email,
Murray S. Kucherawy
- [websec] RFC 6454 on The Web Origin Concept,
rfc-editor
- [websec] Feedback on draft-ietf-websec-key-pinning-01,
davidillsley
- [websec] Key pinning for DSA keys with inherited domain params,
Manger, James H
- [websec] I-D Action: draft-ietf-websec-key-pinning-01.txt,
internet-drafts
- [websec] Comments on draft-ietf-websec-key-pinning-00,
Manger, James H
- [websec] I-D Action: draft-ietf-websec-key-pinning-00.txt,
internet-drafts
- [websec] W3C Web Cryptography Working Group Charter,
Peter Saint-Andre
- [websec] mimesniff feedback, part 2,
Philip JÃgenstedt
- Re: [websec] mimesniff feedback, part 2,
Adam Barth
- Re: [websec] mimesniff feedback, part 2,
Julian Reschke
- Re: [websec] mimesniff feedback, part 2,
Adam Barth
- Re: [websec] mimesniff feedback, part 2,
Larry Masinter
- Re: [websec] mimesniff feedback, part 2,
Peter Saint-Andre
- Message not available
- Message not available
- Message not available
- Message not available
- Re: [websec] mimesniff feedback, part 2,
Larry Masinter
- Re: [websec] mimesniff feedback, part 2,
Adam Barth
- Re: [websec] mimesniff feedback, part 2,
Tobias Gondrom
[websec] mimesniff feedback,
Philip JÃgenstedt
[websec] Define cross-origin,
Anne van Kesteren
[websec] Brief comments on draft-evans-palmer-key-pinning,
Martin Thomson
[websec] Acceptance of draft-evans-palmer-key-pinning as a WG document,
=JeffH
[websec] WEBSEC session recording available,
Meetecho IETF support
[websec] Regarding HSTS issue #4,
Yoav Nir
[websec] Fwd: [Asrg] Phishing and domain reputation,
Peter Saint-Andre
[websec] Reasons why DANE does not meet all Security Policy Needs,
Phillip Hallam-Baker
[websec] pinning specs,
Peter Saint-Andre
[websec] Meetecho support for WEBSEC WG meeting session,
Meetecho IETF support
[websec] hodges-ietf-82-websec-HSTS-Status,
=JeffH
[websec] #31: HSTS: mention case insesitivity in prose for "max-age" and "includeSubDomains",
websec issue tracker
[websec] #30: HSTS: add an informational reference to RFC 4732: Denial-of-Service Considerations,
websec issue tracker
[websec] #29: HSTS: dismbiguate "mixed content" term & provide reference,
websec issue tracker
[websec] #28: HSTS spec unclear about the denotation of "HSTS policy",
websec issue tracker
[websec] #27: HSTS header ABNF is a hybrid of RFC2616 and httpbis and is overly complex and broken,
websec issue tracker
[websec] #26: reference IDNA2008 as well as IDNA2003,
websec issue tracker
[websec] meeting slides,
Tobias Gondrom
[websec] Testsuite for MIME sniffing,
Alexey Melnikov
[websec] Fwd: New Version Notification for draft-evans-palmer-key-pinning-00.txt,
Chris Palmer
[websec] New draft of HTTP header-based public key pinning,
Chris Palmer
[websec] fyi: draft-ietf-websec-strict-transport-sec-03,
=JeffH
[websec] I-D Action: draft-ietf-websec-strict-transport-sec-03.txt,
internet-drafts
[websec] An alternative approach to Security Policy,
Phillip Hallam-Baker
[websec] Sniffing test suite?,
Larry Masinter
[websec] reminder: Internet Draft final submission cut-off by 2011-10-31 (Monday) at 17:00 PT,
Tobias Gondrom
[websec] Strict-Transport-Security syntax redux,
=JeffH
Re: [websec] [decade] URIs for DECADE -- Named Information URI Scheme,
Phillip Hallam-Baker
[websec] #25: what, if any, sniffing for fonts is required?,
websec issue tracker
[websec] Issue 17: Registry for magic numbers,
Adam Barth
[websec] MIME sniffing test suite? Is there one?,
Larry Masinter
[websec] #24: ensure XML packaging is in scope,
websec issue tracker
[websec] #23: spec should mention proposed "nosniff" headers in HTTP even if not adopting them,
websec issue tracker
[websec] #22: content-type sniffing should include charset sniffing,
websec issue tracker
[websec] #21: sniffing of text/html shouldn't override polyglot label of application/xhtml+xml,
websec issue tracker
[websec] #20: Sniffing should be "opt in" on a case-by-case basis,
websec issue tracker
[websec] #19: Do not sniff PDF,
websec issue tracker
[websec] #18: Describe use of file extension in sniffing from "file:" and "ftp:" URIs,
websec issue tracker
[websec] #17: Use the "magic numbers" in the media type IANA registry instead of an explicit table,
websec issue tracker
[websec] Are all the issues filed? (was: Re: Using IETF Tracker for issues on MIME sniffing?),
Adam Barth
- Re: [websec] Are all the issues filed? (was: Re: Using IETF Tracker for issues on MIME sniffing?),
Larry Masinter
- [websec] font sniffing - Re: Are all the issues filed? (was: Re: Using IETF Tracker for issues on MIME sniffing?),
Tobias Gondrom
- Re: [websec] font sniffing - Re: Are all the issues filed? (was: Re: Using IETF Tracker for issues on MIME sniffing?),
Adam Barth
- Re: [websec] font sniffing,
Anne van Kesteren
- Re: [websec] font sniffing,
Tobias Gondrom
- Re: [websec] font sniffing,
Anne van Kesteren
- Re: [websec] font sniffing,
Tobias Gondrom
- Re: [websec] font sniffing,
Anne van Kesteren
- Re: [websec] font sniffing,
Larry Masinter
- Re: [websec] font sniffing,
"Martin J. DÃrst"
- Re: [websec] font sniffing,
"Martin J. DÃrst"
- Re: [websec] font sniffing,
Anne van Kesteren
- Re: [websec] font sniffing,
"Martin J. DÃrst"
- Re: [websec] font sniffing,
Tobias Gondrom
- Re: [websec] font sniffing,
Peter Saint-Andre
- Re: [websec] font sniffing,
Adam Barth
- Re: [websec] font sniffing,
Peter Saint-Andre
- Re: [websec] font sniffing,
Anne van Kesteren
- Re: [websec] font sniffing,
Peter Saint-Andre
- Re: [websec] font sniffing,
Peter Saint-Andre
- Re: [websec] font sniffing,
Adam Barth
[websec] #16: lack of explanatory text and no justifications for the normative language,
websec issue tracker
[websec] #15: Clarify scope of web sniffing,
websec issue tracker
[websec] websec meeting in Taipei,
Tobias Gondrom
[websec] Using IETF Tracker for issues on MIME sniffing?,
Larry Masinter
[websec] separate pinning header (was: Pinning and beyond...),
=JeffH
[websec] wrt "breaking pins" aka "un-pinning" (breakv, breakc directives; draft-evans-palmer-hsts-pinning-00),
=JeffH
[websec] Review of draft-evans-palmer-hsts-pinning-00,
=JeffH
[websec] Digest: Adventures in encoding,
Phillip Hallam-Baker
[websec] Protocol Action: 'The Web Origin Concept' to Proposed Standard (draft-ietf-websec-origin-06.txt),
The IESG
[websec] Updated, updated DIGEST spec,
Phillip Hallam-Baker
[websec] Updated Digest Scheme URI,
Phillip Hallam-Baker
[websec] I-D Action: draft-ietf-websec-origin-06.txt,
internet-drafts
[websec] Strict-Transport-Security syntax redux,
Ryan Sleevi
- <Possible follow-ups>
- Re: [websec] Strict-Transport-Security syntax redux,
=JeffH
- Re: [websec] Strict-Transport-Security syntax redux,
=JeffH
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
- Re: [websec] Strict-Transport-Security syntax redux,
Adam Barth
- Re: [websec] Strict-Transport-Security syntax redux,
Julian Reschke
Mail converted by MHonArc
