
User Agent Connection Security
draft-steckbeck-ua-conn-sec-00

Document type: Expired Internet-Draft (individual); Expired & archived
Author: David Steckbeck
Last updated: 2023-10-01 (Latest revision 2023-03-12)
RFC stream: Independent Submission
Intended RFC status: Experimental
ISE state: In ISE Review; Revised I-D Needed
Consensus boilerplate: Unknown
Document shepherd: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

The user-agent-to-server transaction has many attack surfaces, which have been defended by various recommendations such as Content Security Policy. An attack vector that is currently exploited is the open connection policy to first-, second- and third-party resources. A breach of the origin website or another connected resource could cause the client to load resources from a malicious network. This document provides a framework that allows authors to publish the second- and third-party resources to which connections are authorized, which a user agent should or must follow depending on the configuration of that user agent.

Authors

David Steckbeck
