Re: CSS3 UI spec with in-line security/privacy review from Tantek Çelik on 2015-05-14 (public-privacy@w3.org from April to June 2015)

From: Tantek Çelik <tantek@cs.stanford.edu>
Date: Wed, 13 May 2015 18:39:28 -0700
To: David Singer <singer@apple.com>
Cc: Joseph Lorenzo Hall <joe@cdt.org>, Wendy Seltzer <wseltzer@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, tantek <tantek@cs.stanford.edu>
Message-ID: <CAEV2_WZ_LONi-iH=t1GRNeHUzQoDvKB2LNJHybARjZi1+p16jA@mail.gmail.com>

Nick was also invited to (and at) the TAG meeting in SF that I was at
a few weeks ago when the TAG resolved to take up maintenance and
publication of the S&P survey based on my and Mike West's discussion
of it:

https://w3ctag.github.io/security-questionnaire/

Some more background on what I presented:

http://tantek.com/2015/068/b1/security-towards-minimum-viable-web-platform

My understanding is that there's a broad interest in input on this
from the TAG - and I suggest directly asking questions (like the
below) and follow-ups on the TAG mailing list. Feel free to say I sent
you.

Thanks,

Tantek



On Wed, May 13, 2015 at 11:30 AM, David Singer <singer@apple.com> wrote:
> I was going to ask
>
> * Would this set of questions have caught the infamous ‘link visited’ exposure?
>
> (They are good questions, nonetheless)
>
>> On May 13, 2015, at 8:05 , Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>
>> I hadn't seen the TAG self-questionaire:
>>
>> https://w3ctag.github.io/security-questionnaire/
>>
>> Was PING involved with that? How might this jive with Nick's wiki-fied
>> checklist?
>>
>> best, Joe
>>
>> On Wed, May 13, 2015 at 11:03 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>> correcting the link:
>>>
>>> http://dev.w3.org/csswg/css-ui/#security-privacy-considerations
>>>
>>> On Wed, May 13, 2015 at 12:27 AM, Wendy Seltzer <wseltzer@w3.org> wrote:
>>>> Hi PING,
>>>>
>>>> Tantek Çelik shared this draft from the CSS WG, in which he added an
>>>> in-line response to the security and privacy self-review: Appendix C.
>>>> Considerations for Security and Privacy
>>>>
>>>> http://dev.w3.org/csswg/css-ui/#security-privacy-considerationsn
>>>>
>>>> This seems like a great practice to recommend. Shall we discuss during
>>>> the PING call?
>>>>
>>>> --Wendy
>>>> --
>>>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
>>>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
>>>> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Joseph Lorenzo Hall
>>> Chief Technologist
>>> Center for Democracy & Technology
>>> 1634 I ST NW STE 1100
>>> Washington DC 20006-4011
>>> (p) 202-407-8825
>>> (f) 202-637-0968
>>> joe@cdt.org
>>> PGP: https://josephhall.org/gpg-key
>>> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>
>>
>>
>> --
>> Joseph Lorenzo Hall
>> Chief Technologist
>> Center for Democracy & Technology
>> 1634 I ST NW STE 1100
>> Washington DC 20006-4011
>> (p) 202-407-8825
>> (f) 202-637-0968
>> joe@cdt.org
>> PGP: https://josephhall.org/gpg-key
>> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>
>
> David Singer
> Manager, Software Standards, Apple Inc.
>

Received on Thursday, 14 May 2015 01:40:36 UTC