Henri Sivonen wrote: > On Tue, Jun 25, 2013 at 6:08 AM, Brian Smith <bsm...@mozilla.com> wrote: > > At the same time, I doubt such a policy is necessary or helpful for the > > modules that I am owner/peer of (PSM/Necko), at least at this time. > > In fact, though I haven't thought about it deeply, most of the recent > > evidence I've observed indicates that such a policy would be very > > harmful if applied to network and cryptographic protocol design and > > deployment, at least. > > It seems to me that HTTP headers at least could use the policy. Consider: > X-Content-Security-Policy > Content-Security-Policy > X-WebKit-CSP > :-( > > In retrospect, it should have been Content-Security-Policy from the > moment it shipped on by default on the release channel and the X- > variants should never have existed. > > Also: https://tools.ietf.org/html/rfc6648
I understand how X-Content-Security-Policy, et al., seems concerning to people, especially people who have had to deal with the horrors of web API prefixing and CSS prefixing. If people are concerned about HTTP header prefixes then we can handle policy for that separately from Andrew's proposal, in a much more lightweight fashion. For example, we could just "Let's all follow the advise of RFC6648 whenever practical." on https://wiki.mozilla.org/Networking. Problem solved. I am less concerned about the policy of prefixing or not prefixing HTTP headers and similar small things, than I am about the potential for this proposal to restrict the creation and development of new networking protocols like SPDY and the things that will come after SPDY. Cheers, Brian _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform