Thoughts on Declaring Security Policies

My thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog.  I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific to CSP.  I hope to make a number of posts on this topic to this (IEInternals) blog over the coming months, and continue to engage directly with the smart folks working on CSP over at Mozilla.

Until then, if you've got a suggestion for security features (declarative or other) that you think would be valuable for browsers to offer, feel free to sound off in the comments below!

thanks,

Eric