I think we're getting pretty close to pushing the mixed content spec to Last Call. The interesting bits I know of have been resolved by: 1. Dropping the public/private distinction from MIX, kicking it out to "Secure Introduction of Internet-Connected Things"[1] which folks are discussing separately. 2. Moving the TLS checks to a new attribute on the Request's client, and on the Response, which Anne was kind enough to add to Fetch for me. It's currently named "authentication state", which probably needs some bikeshedding, but the name shouldn't block progress on MIX. 3. The TAG's substantive feedback (handcrafted and delivered by mnot@) has been addressed, and we can discuss resolution of the nits during the last call phase. I don't believe there are any substantive controversies remaining, but if I've missed anything, this CfC is a nice forcing function to get it out into the open. :) Please read through the current draft, up for review at https://w3c.github.io/webappsec/specs/mixedcontent/, and send comments to public-webappsec@w3.org. Positive feedback is encouraged! This CfC will end in a week, on November 5th, 2014. Thanks! [1]: https://readable-email.org/list/public-webappsec/topic/secure-introduction-of-internet-connected-things-was-re-webappsec-agenda-for-monday-teleconference-2014-10-20-12-00-pdt -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 29 October 2014 15:07:24 UTC