- From: Nicholas Doty <npdoty@w3.org>
- Date: Fri, 7 Nov 2014 14:57:48 -0800
- To: public-web-security@w3.org, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <92A300AC-D0C9-41D2-8271-0FA3E6E3E0AF@w3.org>
During TPAC, we had a breakout session to discuss a series of proposals regarding restricting sensitive APIs to secure or authenticated origins and other measures we could take to address the problem of pervasive monitoring [1]. I've cleaned up the minutes for your review: http://www.w3.org/2014/10/29-permon-minutes.html In general, I heard: * consensus that moving all traffic to TLS (or similar) in order to increase integrity is a goal * interest in transition processes -- for moving features to HTTPS-only and for getting the industry as a whole (including hardware) to TLS * possibilities for using DNSSEC for more secure browsing, with issues of performance and middleboxes I would welcome additional takeaways that others in attendance had, or any additional conclusions since. I know this to be a topic of discussion in at least the following working groups: * HTML/EME * WebCrypto * Geolocation * WebAppSec * WebRTC/Media Capture * TAG As Giri mentioned during the breakout, Geolocation is having an open call for discussion of this topic, with some active discussion on this thread: http://lists.w3.org/Archives/Public/public-geolocation/2014Nov/0007.html Thanks all for your participation at TPAC and for the broad discussion and effort to improve security on the Web. Nick [1] http://tools.ietf.org/html/rfc7258
Received on Friday, 7 November 2014 22:57:59 UTC