W3C home > Mailing lists > Public > public-w3process@w3.org > October 2014

Require security review before FPWD

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2014 18:17:58 +0100
Message-ID: <CADnb78gZ-kjZJCusKd2YXSYKgC85riVw_tPW_jAu3qH_2pqiFg@mail.gmail.com>
To: public-w3process <public-w3process@w3.org>
Without due security review implementers end up implementing drafts
and then we cannot fix the broken security and privacy
characteristics.

See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and
the rest of that thread for how hard it is to do this
post-publication.

Requiring TLS for an API is something that should be considered very early on.


-- 
https://annevankesteren.nl/
Received on Thursday, 30 October 2014 17:18:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC