W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: Mike West <mkwst@google.com>
Date: Mon, 3 Nov 2014 15:17:59 +0100
Message-ID: <CAKXHy=e-iUiM0EswHX1B4O7P-aUHurO6DdhxaK2gP7fV5nnUqw@mail.gmail.com>
To: Sam Ruby <rubys@intertwingly.net>
Cc: public-w3process@w3.org
Skimming through this thread again, the concept of a questionnaire makes a
lot of sense to me. I did a quick brain dump at
skims through some of the questions that come to mind regarding both
security and privacy considerations.

Does that document capture the general direction folks are considering?


Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, Nov 3, 2014 at 2:07 PM, Sam Ruby <rubys@intertwingly.net> wrote:

> On 11/03/2014 07:33 AM, Anne van Kesteren wrote:
>> On Mon, Nov 3, 2014 at 1:10 PM, David Singer <singer@apple.com>
>> wrote:
>>> Since I have no idea how we got from ‘when is it required that an
>>> XXX review be done?’ to ‘has the W3C endorsed DRM?’ I can only
>>> conclude that we’re seriously at cross purposes.
>> I brought up EME as an example of where vendors implemented and
>> shipped something that is bad for security and privacy. Reviewers
>> are at a loss. You said vendors should follow the W3C. I argued that
>> such an argument did not apply here as the W3C has not made up its
>> made mind (or so claims the leadership).
> Having recently been at a F2F with those vendors, I can confidently
> state that a security review prior to FPWD would not have changed vendor
> behavior.  In fact, I see a lot of parallel to the <video> tag[1].  That
> being said, discussion is ongoing, and I encourage readers to consult
> the following:
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#c130
> https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-
> media/encrypted-media.html#privacy-secureorigin
> - Sam Ruby
> [1] http://lists.w3.org/Archives/Public/public-whatwg-archive/
> 2009Jun/0599.html
Received on Monday, 3 November 2014 14:18:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC