Re: CfC: Republish MIX as CR; deadline July 29th. from Mike West on 2015-08-09 (public-webappsec@w3.org from August 2015)

From: Mike West <mkwst@google.com>
Date: Sun, 9 Aug 2015 07:44:43 +0200
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Brian Smith <brian@briansmith.org>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=eVYLcfw8RXprQgx9vo_YtgTpr9709RTsv33n6QDXRCsA@mail.gmail.com>

On Thu, Aug 6, 2015 at 11:20 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>
> > IMO, it is better to do in Fetch, because then (a) more specifications
> can
> > reference it, (b) people working on changing Fetch and Fetch-based things
> > may more easily notice that it is something that needs to be considered.
> and
> > (c) it is easy to tweak the Fetch spec to improve the definition later,
> if
> > necessary, than it is to improve MIX.
>
> (c) seems like a bug.

Yes and no, but it's certainly true that we're moving slower than I'd like
on this and other specs. That's partially a process problem, and partially
a "Mike is doing too many things at once, and all poorly." problem.

> (b) rings true. As for (a), nobody could think
> of any other specifications. The other problem I have is how I would
> go about defining this.
>

I've taken a stab at this question in
https://github.com/w3c/webappsec/commit/4ddce9f4c7f17c1675a87f84911f3cd6248239f0
(which really just moves around and clarifies the checks already being done
in the spec (and is more easily readable in
https://w3c.github.io/webappsec/specs/mixedcontent/#is-passthrough and the
other algorithm sections)). Adding a bit to the request might be cleaner,
but if the set of properties MIX relies on are in fact reliable, then
there's probably not a real need to add the bit.

WDYT, Brian and Anne?

-mike

Received on Sunday, 9 August 2015 05:45:31 UTC