- From: Wonsuk Lee <wonsuk11.lee@samsung.com>
- Date: Wed, 30 Jan 2013 17:15:50 +0900
- To: 'John Lyle' <john.lyle@cs.ox.ac.uk>
- Cc: public-sysapps@w3.org
Hi. John. > -----Original Message----- > From: John Lyle [mailto:john.lyle@cs.ox.ac.uk] > Sent: Tuesday, January 29, 2013 7:52 PM > To: public-sysapps@w3.org > Subject: Re: Request to make one proposal for execution model and security > model > > On 29/01/13 10:31, Jonas Sicking wrote: > > On Tue, Jan 29, 2013 at 2:26 AM, John Lyle <john.lyle@cs.ox.ac.uk> wrote: > >> I would be happy to contribute to a merged proposal of [2] and [3] to > >> help add further content about the threat model and requirements, if > >> the editors think this would be helpful. > > I think threat model and requirements is a large enough deliverable > > that it's better done as a separate document. Would this be acceptable > > to you? > > Sorry, I was being unclear - I didn't mean to impose the whole thing on > the specification, but to assist with some of the sections that link to a > threat model and security considerations. > > However, I think there would be enormous benefit to having a well-defined, > separate set of requirements and threat model, and then being able to show > how this is satisfied by the specification. I'm fearful that such a > document might then be ignored, but if the working group agrees on its > necessity and has a process for working with it, then I'd be very happy to > work on the requirements and threat model some more. I believe requirement and threat model document would be very valuable document to the WG and readers of our specs, even if that will be separate document as a W3C Note. Best regards, Wonsuk. > > I would imagine that the mozilla security team would be interested in > > providing feedback to the document that you have written up. > > > > All feedback would be enthusiastically received. Yes please! > > Best wishes, > > John
Received on Wednesday, 30 January 2013 08:16:41 UTC