#1 - fair point
#2 - I was worried that the current mechanism was multi-origin only, but it
sounds like that's not the case. If so, this is good.
NIH doesn't sound like a great reason at all.
Question for Tobias -- with a move to push this from the IETF to the W3C/CSP,
given your IETF affiliat
The full ancestor stack walk may be considered an artificial / unnecessary
limitation given that users can only make trust decisions based on the UI at
the top level. (This is in a world where the top level is conservative,
avoiding framing untrusted content.)
"I'm a little bit concerned that