W3C home > Mailing lists > Public > public-web-security@w3.org > November 2014

Pervasive Monitoring and Secure Origins breakout session

From: Nicholas Doty <npdoty@w3.org>
Date: Fri, 7 Nov 2014 14:57:48 -0800
Message-Id: <92A300AC-D0C9-41D2-8271-0FA3E6E3E0AF@w3.org>
To: public-web-security@w3.org, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
During TPAC, we had a breakout session to discuss a series of proposals regarding restricting sensitive APIs to secure or authenticated origins and other measures we could take to address the problem of pervasive monitoring [1].

I've cleaned up the minutes for your review:

In general, I heard:

* consensus that moving all traffic to TLS (or similar) in order to increase integrity is a goal
* interest in transition processes -- for moving features to HTTPS-only and for getting the industry as a whole (including hardware) to TLS
* possibilities for using DNSSEC for more secure browsing, with issues of performance and middleboxes

I would welcome additional takeaways that others in attendance had, or any additional conclusions since. I know this to be a topic of discussion in at least the following working groups:

* WebCrypto
* Geolocation
* WebAppSec
* WebRTC/Media Capture

As Giri mentioned during the breakout, Geolocation is having an open call for discussion of this topic, with some active discussion on this thread:

Thanks all for your participation at TPAC and for the broad discussion and effort to improve security on the Web.


[1] http://tools.ietf.org/html/rfc7258

Received on Friday, 7 November 2014 22:57:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:22 UTC