Initial Assignment for the Content Security Policy Directives Registry
draft-west-webappsec-csp-reg-04
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2016-01-28
|
04 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
|
2016-01-26
|
04 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
|
2016-01-18
|
04 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
|
2015-12-09
|
04 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
|
2015-12-08
|
04 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
|
2015-11-29
|
04 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
|
2015-11-24
|
04 | (System) | IANA Action state changed to Waiting on Authors |
|
2015-11-23
|
04 | (System) | RFC Editor state changed to EDIT |
|
2015-11-23
|
04 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
|
2015-11-23
|
04 | (System) | Announcement was received by RFC Editor |
|
2015-11-23
|
04 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
|
2015-11-23
|
04 | Amy Vezza | IESG has approved the document |
|
2015-11-23
|
04 | Amy Vezza | Closed "Approve" ballot |
|
2015-11-23
|
04 | Amy Vezza | Ballot approval text was generated |
|
2015-11-20
|
04 | Barry Leiba | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed |
|
2015-11-20
|
04 | Mike West | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
|
2015-11-20
|
04 | Mike West | New version available: draft-west-webappsec-csp-reg-04.txt |
|
2015-11-19
|
03 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
|
2015-11-19
|
03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
|
2015-11-19
|
03 | Amy Vezza | Changed consensus to Yes from Unknown |
|
2015-11-19
|
03 | Benoît Claise | [Ballot comment] Not sure if this is a concern or not. Disclaimer: I have no background on content security policy directives. The IANA registry is … [Ballot comment] Not sure if this is a concern or not. Disclaimer: I have no background on content security policy directives. The IANA registry is based on [CSP] West, M. and D. Veditz, "Content Security Policy", n.d., . I wonder if this [CSP] is stable content? From the web site, I see Content Security Policy Level 3 Editor’s Draft, 6 November 2015 3 = version? Editor's draft? Doesn't sound like stable. The text in draft-west-webappsec-csp-reg-03 considers [CSP] as stable Ex: It populates the registry with the directives defined in the CSP specification. Also The following table contains the initial values for this registry: +-----------------+-----------+ | Directive Name | Reference | +-----------------+-----------+ | base-uri | [CSP] | | child-src | [CSP] | | connect-src | [CSP] | | default-src | [CSP] | | font-src | [CSP] | | form-action | [CSP] | | frame-ancestors | [CSP] | | frame-src | [CSP] | | img-src | [CSP] | | media-src | [CSP] | | object-src | [CSP] | | plugin-types | [CSP] | | report-uri | [CSP] | | sandbox | [CSP] | | script-src | [CSP] | | style-src | [CSP] | +-----------------+-----------+ Bottom line: 1. should the CSP reference mention? Content Security Policy Level 3 Editor’s Draft, 6 November 2015 2. should the document title mention "Initial assignment for Content Security Policy Directive Registry"? |
|
2015-11-19
|
03 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
|
2015-11-18
|
03 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
|
2015-11-18
|
03 | Ben Campbell | [Ballot comment] I'm balloting "yes", but I share Stephen's question about a stable reference for CSP. I note the referenced version is marked "draft" and … [Ballot comment] I'm balloting "yes", but I share Stephen's question about a stable reference for CSP. I note the referenced version is marked "draft" and warns that it may change. |
|
2015-11-18
|
03 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
|
2015-11-18
|
03 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
|
2015-11-17
|
03 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
|
2015-11-17
|
03 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
|
2015-11-17
|
03 | Alissa Cooper | [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper |
|
2015-11-16
|
03 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
|
2015-11-16
|
03 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
|
2015-11-16
|
03 | Stephen Farrell | [Ballot comment] Is the github.io reference for CSP the best one? When I go there it says http://www.w3.org/TR/CSP3/ is the "latest" version but that URL … [Ballot comment] Is the github.io reference for CSP the best one? When I go there it says http://www.w3.org/TR/CSP3/ is the "latest" version but that URL gives me a 404. The W3C home page leads to http://www.w3.org/TR/CSP2/ which I guess is a previous incarnation of this (albeit from July). I'd suggest that it might be nice to the reader to include a few of those as references and to explain (in a sentence) what's what. |
|
2015-11-16
|
03 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
|
2015-11-12
|
03 | Barry Leiba | Ballot has been issued |
|
2015-11-12
|
03 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
|
2015-11-12
|
03 | Barry Leiba | Created "Approve" ballot |
|
2015-11-12
|
03 | Barry Leiba | Placed on agenda for telechat - 2015-11-19 |
|
2015-11-12
|
03 | Barry Leiba | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
|
2015-11-09
|
03 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
|
2015-10-22
|
03 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Robert Sparks. |
|
2015-10-19
|
03 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Stefan Winter |
|
2015-10-19
|
03 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Stefan Winter |
|
2015-10-16
|
03 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
|
2015-10-16
|
03 | Amanda Baber | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-west-webappsec-csp-reg-03. If any part of this review is inaccurate, please contact us. IANA understands … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-west-webappsec-csp-reg-03. If any part of this review is inaccurate, please contact us. IANA understands that, upon approval of this document, there is a single action which IANA must complete. The document creates a single new top-level registry called "Content Security Policy Directives." IANA will accordingly create a new category of the same name at http://www.iana.org/protocols. If that name should be broadened to accommodate future related registries, please let us know. The new registry is managed via the Specification Required policy defined by RFC 5226. These are the initial registrations: +-----------------+----------------------------------------------+ | Directive Name | Reference | +-----------------+----------------------------------------------+ | base-uri | [ https://w3c.github.io/webappsec-csp/ ] | | child-src | [ https://w3c.github.io/webappsec-csp/ ] | | connect-src | [ https://w3c.github.io/webappsec-csp/ ] | | default-src | [ https://w3c.github.io/webappsec-csp/ ] | | font-src | [ https://w3c.github.io/webappsec-csp/ ] | | form-action | [ https://w3c.github.io/webappsec-csp/ ] | | frame-ancestors | [ https://w3c.github.io/webappsec-csp/ ] | | frame-src | [ https://w3c.github.io/webappsec-csp/ ] | | img-src | [ https://w3c.github.io/webappsec-csp/ ] | | media-src | [ https://w3c.github.io/webappsec-csp/ ] | | object-src | [ https://w3c.github.io/webappsec-csp/ ] | | plugin-types | [ https://w3c.github.io/webappsec-csp/ ] | | report-uri | [ https://w3c.github.io/webappsec-csp/ ] | | sandbox | [ https://w3c.github.io/webappsec-csp/ ] | | script-src | [ https://w3c.github.io/webappsec-csp/ ] | | style-src | [ https://w3c.github.io/webappsec-csp/ ] | +-----------------+----------------------------------------------+ IANA understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
|
2015-10-15
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Aaron Falk |
|
2015-10-15
|
03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Aaron Falk |
|
2015-10-15
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
|
2015-10-15
|
03 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
|
2015-10-14
|
03 | (System) | Notify list changed from draft-west-webappsec-csp-reg.ad@ietf.org, mkwst@google.com, mnot@mnot.net, draft-west-webappsec-csp-reg.shepherd@ietf.org, draft-west-webappsec-csp-reg@ietf.org to (None) |
|
2015-10-12
|
03 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
|
2015-10-12
|
03 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Content Security Policy Directive Registry) to … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Content Security Policy Directive Registry) to Informational RFC The IESG has received a request from an individual submitter to consider the following document: - 'Content Security Policy Directive Registry' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-11-09. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document establishes an Internet Assigned Number Authority (IANA) registry for Content Security Policy directives. It populates the registry with the directives defined in the CSP specification. The file can be obtained via https://datatracker.ietf.org/doc/draft-west-webappsec-csp-reg/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-west-webappsec-csp-reg/ballot/ No IPR declarations have been submitted directly on this I-D. |
|
2015-10-12
|
03 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
|
2015-10-12
|
03 | Amy Vezza | Last call announcement was changed |
|
2015-10-11
|
03 | Barry Leiba | Last call was requested |
|
2015-10-11
|
03 | Barry Leiba | Last call announcement was generated |
|
2015-10-11
|
03 | Barry Leiba | Ballot approval text was generated |
|
2015-10-11
|
03 | Barry Leiba | IESG state changed to Last Call Requested from AD Evaluation |
|
2015-10-11
|
03 | Barry Leiba | IESG state changed to AD Evaluation from Publication Requested |
|
2015-10-11
|
03 | Barry Leiba | Ballot writeup was changed |
|
2015-10-11
|
03 | Barry Leiba | 1. Summary Mark Nottingham is Document Shepherd; Barry Leiba is responsible Area Director. This document establishes an Internet Assigned Number Authority (IANA) registry for Content … 1. Summary Mark Nottingham is Document Shepherd; Barry Leiba is responsible Area Director. This document establishes an Internet Assigned Number Authority (IANA) registry for Content Security Policy directives. It populates the registry with the directives defined in the CSP specification. The target status is Informational. 2. Review and Consensus This is an AD-sponsored draft to establish a registry for CSP directives. CSP is defined by the W3C, a product of its consensus process and widely deployed. Discussion of this draft in the IETF will occur in Last Call. 3. Intellectual Property The author has stated that to his direct, personal knowledge, all IPR related to this document has been disclosed. 4. Other Points This document does not make downward references. |
|
2015-10-11
|
03 | Barry Leiba | Ballot writeup was generated |
|
2015-10-11
|
03 | Barry Leiba | IESG process started in state Publication Requested |
|
2015-10-11
|
03 | Mark Nottingham | Changed document writeup |
|
2015-10-07
|
03 | Mike West | New version available: draft-west-webappsec-csp-reg-03.txt |
|
2015-10-07
|
02 | Barry Leiba | Shepherding AD changed to Barry Leiba |
|
2015-10-07
|
02 | Barry Leiba | Notification list changed to "Mark Nottingham" <mnot@mnot.net> |
|
2015-10-07
|
02 | Barry Leiba | Document shepherd changed to Mark Nottingham |
|
2015-10-07
|
02 | Barry Leiba | Intended Status changed to Informational from None |
|
2015-10-07
|
02 | Barry Leiba | Stream changed to IETF from None |
|
2015-10-07
|
02 | Mike West | New version available: draft-west-webappsec-csp-reg-02.txt |
|
2015-10-07
|
01 | Mike West | New version available: draft-west-webappsec-csp-reg-01.txt |
|
2015-10-06
|
00 | Mike West | New version available: draft-west-webappsec-csp-reg-00.txt |