Just curious: do you have the same view of ASLR and low-level mitigations?
Replying to @arturjanc @sirdarckcat and
No, b/c those are well-aligned. CSP is not, that's why it's cumbersome.
1 reply 0 retweets 0 likes -
Replying to @kkotowicz @arturjanc and
CSP is sadly doc-specific, w/ messy syntax and try-to-address-all attitude.
2 replies 0 retweets 0 likes -
Replying to @kkotowicz @sirdarckcat and
'strict-dynamic' kinda fixes 2 of those; https://mikewest.github.io/origin-policy/ remaining one
1 reply 0 retweets 3 likes -
Replying to @arturjanc @kkotowicz and
Also, problems with any given mechanism don't negate the value of mitigations.
1 reply 0 retweets 2 likes -
Replying to @arturjanc @sirdarckcat and
<3 that. Mitigations get a free pass, regardless of design quality & efficacy.
1 reply 0 retweets 0 likes -
increasing the bw compat burden for the platform. It's a spec not worth backing
1 reply 0 retweets 0 likes
Replying to @kkotowicz @sirdarckcat and
I will take actual security value > spec purity, then figure out how to improve
1:03 AM - 7 Sep 2016
0 replies
0 retweets
0 likes