- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Tue, 29 Jan 2013 10:52:23 +0000
- To: public-sysapps@w3.org
On 29/01/13 10:31, Jonas Sicking wrote: > On Tue, Jan 29, 2013 at 2:26 AM, John Lyle <john.lyle@cs.ox.ac.uk> wrote: >> I would be happy to contribute to a merged proposal of [2] and [3] to help >> add further content about the threat model and requirements, if the editors >> think this would be helpful. > I think threat model and requirements is a large enough deliverable > that it's better done as a separate document. Would this be acceptable > to you? Sorry, I was being unclear - I didn't mean to impose the whole thing on the specification, but to assist with some of the sections that link to a threat model and security considerations. However, I think there would be enormous benefit to having a well-defined, separate set of requirements and threat model, and then being able to show how this is satisfied by the specification. I'm fearful that such a document might then be ignored, but if the working group agrees on its necessity and has a process for working with it, then I'd be very happy to work on the requirements and threat model some more. > I would imagine that the mozilla security team would be > interested in providing feedback to the document that you have written > up. > All feedback would be enthusiastically received. Yes please! Best wishes, John
Received on Tuesday, 29 January 2013 10:52:45 UTC