Martin Rex wrote:
Murray S. Kucherawy wrote:
From: Richard Barnes [mailto:rbarnes@xxxxxxx]
Seems like it depends on your definitions of "abusive" and
"legitimate". Do you have an example?
For a contrived example, let's say a registered HTTP header field
that's only ever found to be present in web pages used by bad actors,
but lots of them.
Such as "P3P:" ? :-D
Be afraid, be very afraid!
http://www.h-online.com/security/news/item/Google-also-bypassed-cookie-settings-in-Internet-Explorer-1438781.html
Thanks for the link Martin, helping to make sense of all the GooKids
Inc., hoopla and no thanks for needing the pencil in time to get our
operator P3P resources updated. :)
--
HLS
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf