Re: The need to improve HSTS (etc.) preloading based on our implementation experience

2013-09-18 Thread Paul van Brouwershaven
On Wed, Sep 18, 2013 at 11:44 AM, Gervase Markham wrote:
> On 17/09/13 15:18, a...@google.com wrote:
> > We also have a number of domains ("gmail.com", "googlemail.com" etc)
> > which require SNI to serve the correct certificate
>
> Change of topic: that's really interesting. You are using SNI in

Re: The need to improve HSTS (etc.) preloading based on our implementation experience

2013-09-18 Thread Gervase Markham
On 17/09/13 15:18, a...@google.com wrote:
> On Tuesday, September 17, 2013 4:58:28 AM UTC-4, Gervase Markham wrote:
>> Can we work out what those requirements are by studying the
>> pinning configuration for google.com and its subdomains in Chrome?
>
> There are two different things that I fear
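The exchange above turns on how a browser's static preload list decides, for a given hostname, whether to force HTTPS and which public-key pins apply, and on the fact that a parent entry (google.com) and a subdomain entry can carry different requirements. The following is an added example, not code from the thread, from Mozilla or from Chromium: a small model of that lookup. The entry shape (`entries` with `name`, `include_subdomains`, `mode`, `pins`, plus a `pinsets` table) is modelled on Chromium's static transport-security JSON as the editor understands it; the domains, pin names and SPKI byte strings are constructed placeholders, and the pinset holds SHA-256 hashes directly rather than names resolved elsewhere in the file.

```python
"""Added example: model of static HSTS-preload / pin lookup.

Not the thread's or any browser's code. The list shape is modelled on
Chromium's transport_security_state_static.json (an assumption); all
domains, pinset names and SPKI bytes below are constructed.
"""
import base64
import hashlib
from typing import Iterable, Optional


def spki_hash(spki_der: bytes) -> str:
    """Pin form used by HPKP and Chromium: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


# Constructed placeholders standing in for DER-encoded SubjectPublicKeyInfo blobs.
PRIMARY_SPKI = b"constructed-spki-primary-key"
BACKUP_SPKI = b"constructed-spki-backup-key"

# Constructed static list. A pinset normally lists a backup pin as well so
# that key rotation does not lock users out.
STATIC_LIST = {
    "pinsets": {
        "example": {
            "static_spki_hashes": [spki_hash(PRIMARY_SPKI), spki_hash(BACKUP_SPKI)],
        },
    },
    "entries": [
        # Parent entry: covers subdomains and requires the "example" pinset.
        {"name": "example.com", "include_subdomains": True,
         "mode": "force-https", "pins": "example"},
        # More specific entry overrides the parent: still force-https, but no pins.
        {"name": "legacy.example.com", "include_subdomains": True,
         "mode": "force-https"},
        # Exact-host entry: does not cover its own subdomains.
        {"name": "mail.example.net", "include_subdomains": False,
         "mode": "force-https"},
    ],
}


def lookup(host: str, static_list: dict = STATIC_LIST) -> Optional[dict]:
    """Return the most specific entry governing `host`, or None.

    Walks from the full hostname towards the TLD. An exact-name entry always
    applies; an ancestor entry applies only if it sets include_subdomains.
    Matching is label-wise, so "notexample.com" never matches "example.com".
    """
    host = host.lower().rstrip(".")
    by_name = {e["name"]: e for e in static_list["entries"]}
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = by_name.get(candidate)
        if entry is None:
            continue
        if i == 0 or entry.get("include_subdomains", False):
            return entry
        # Ancestor without include_subdomains covers only itself; keep walking
        # so that a higher ancestor with include_subdomains can still apply.
    return None


def should_force_https(host: str) -> bool:
    """True when the static list says plain-HTTP requests must be upgraded."""
    entry = lookup(host)
    return entry is not None and entry.get("mode") == "force-https"


def chain_meets_pins(host: str, chain_spki_hashes: Iterable[str]) -> bool:
    """Static pin check: at least one SPKI hash in the served chain must be
    in the pinset named by the governing entry. Hosts with no pinned entry
    pass trivially."""
    entry = lookup(host)
    if entry is None or "pins" not in entry:
        return True
    allowed = set(STATIC_LIST["pinsets"][entry["pins"]]["static_spki_hashes"])
    return any(h in allowed for h in chain_spki_hashes)


if __name__ == "__main__":
    for h in ["www.example.com", "legacy.example.com", "www.mail.example.net"]:
        e = lookup(h)
        print(h, "->", e["name"] if e else None, "force-https:", should_force_https(h))
```

The lookup returns the first match walking from the most specific name outward, which is what lets a subdomain entry carry requirements different from its parent; the pin check is satisfied by any certificate in the chain, not just the leaf, which is why operators pin an intermediate or a backup key rather than only the current leaf.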

Re: Restricting privileged internal pages from chrome or about URIs with Content Security Policy

2013-09-18 Thread Frederik Braun
On 17.09.2013 09:38, Frederik Braun wrote:
> Hi,
>
> I was thinking... Should there be a way to protect us from Cross-Zone
> Scripting (i.e. somebody XSSing privileged pages and thus being able to
> execute arbitrary commands) by applying CSP to internal pages?

This was already filed in 2012 as ht