[transition] FPWD Request for "Post-Spectre Web Development" from sysbot+notifier@w3.org on 2021-03-09 (public-transition-announce@w3.org from March 2021)

From: <sysbot+notifier@w3.org>
Date: Tue, 09 Mar 2021 21:43:36 +0000
To: public-transition-announce@w3.org
Message-ID: <5fe96461-8c40-387d-edb3-0655a67cac12@w3.org>

This is a transition request for a new Proposed Recommendation
FPWD Request for "Post-Spectre Web Development"
from https://github.com/w3c/transitions/issues/321

# Document title, URLs, estimated publication date

**Title**: Post-Spectre Web Development
**URL**: https://w3c.github.io/webappsec-post-spectre-webdev/fpwd.html
**Date**: Soon?

# Abstract

Post-Spectre, we need to adopt some new strategies for safe and secure web development. This document outlines a threat model we can share, and a set of mitigation recommendations.

TL;DR: Your data must not unexpectedly enter an attacker’s process.

# Status

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

This document was published by the Web Application Security Working Group as a Working Draft. This document is intended to become a W3C Note.

The (archived) public mailing list public-webappsec@w3.org (see instructions) is preferred for discussion of this specification. When sending e-mail, please put the text “post-spectre-webdev” in the subject, preferably like this: “[post-spectre-webdev] …summary of comment…”

This document is a First Public Working Draft.

Publication as a First Public Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by the Web Application Security Working Group.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 15 September 2020 W3C Process Document.

# Is it a delta specification intended to become a W3C Recommendation?

No. This is intended to become a NOTE after some iteration.

# Link to group's decision to request transition

https://lists.w3.org/Archives/Public/public-webappsec/2021Mar/0014.html

# Information about implementations known to the Working Group

Chromium, Gecko, and WebKit all implement some or all of the mitigations recommended in this document.

_/cc @dveditz @wseltzer @samuelweiler to verify that I'm holding this form right._

--
This email was generated automatically using https://github.com/w3c/transition-issues-bot

Received on Tuesday, 9 March 2021 21:43:42 UTC