-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/29/13 11:37 AM, The IESG wrote:
The IESG has received a request from the Web Security WG (websec)
to consider the following document: - 'HTTP Header Field
X-Frame-Options' <draft-ietf-websec-x-frame-options-07.txt> as
Informational RFC
Section 1 states:
This specification provides informational documentation about the
current use and definition of the X-Frame-Options HTTP header field.
Given that the "X-" construction is deprecated [RFC6648], the X
-Frame-Options header field will in the future be replaced by the
Frame-Options directive in the Content Security Policy Version 1.1
[CSP-1-1].
IMO, RFC 6648 does not necessitate deprecating the X-Frame-Options
header field in favor of the Frame-Options header field, since RFC
6648 is not retroactive. We might want to make the relationship
clearer here.
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR9nTUAAoJEOoGpJErxa2p+j0QAIh/eaMB0hj8C0YwFphmDE6w
bBnOaqLAEtb1A269cx9Uzx0+gjnQz+9PI0wvrev08kKWR4DFNxXNKAGC8rxJx6T/
dXcB3WjwDAg7iinoL+LRcP5ionE9519gU6V65Ff4IpkBpFiY2KhkC6FKV1AgeH7C
EIIpjHNH2dzeDQSBkYY1WGk5xDcXwoo+isUhF8TXhSf9mwY0NrUD2zO3UDDiAf//
ZTWbAH1vvMl4BDduq1bSt0Yt0H4gBtOOjeo86N0EsfHNoPPSOmHQ/4aX18rGa7/A
7ddk5GXFRmaLR6zLXCrOIWc+RSe5rIHOKk1Im2OC/S7D/t1zaDhRROLIekMGZafa
ySOo2dih/tQav7uAkdzDQr1HQ9LRRkzx5EnIdrbrVJGIPuDnOfvZ2ddE+7LDLQB7
SiZdacYVAKa3whaDiY4i2JVduv/2LyHG+JUhMDtD+J8PYSf4gPLRC4l8XqneIri7
9X+3UIW+I34c9mopbzwD+UiB+gPaHcBGKE3+LEBPJM1/+sUh7uM0Pm5SaU9NvXP1
VlR8H9cnvjf7DBm/p+cZ/hQiy78f/Zox/zRobeVlZUoW/+o4jqunYJA0EBNqHSKp
4hm2fBWMfQZZdVhYymHGY8+uhhKGp6U/fqJ95J6fwtlQhvo+O3MwzGywhHFFsgJV
fVAvCigEvz3XX+RfaVJq
=VZfS
-----END PGP SIGNATURE-----