Re: Require security review before FPWD

On Mon, Nov 3, 2014 at 1:10 PM, David Singer wrote:
> Since I have no idea how we got from ‘when is it required that an XXX review be done?’ to ‘has the W3C endorsed DRM?’ I can only conclude that we’re seriously at cross purposes.

I brought up EME as an example of where vendors implemented and
shipped something that is bad for security and privacy. Reviewers are
at a loss. You said vendors should follow the W3C. I argued that such
an argument did not apply here as the W3C has not made up its
mind (or so claims the leadership).

> I don’t want the w3c to encourage people to implement specs that, if implemented would
> * put systems at risk (security issue)
> * put people’s privacy at risk
> * have significant issues in deployment across some languages or scripts (i18n issue)
> * have significant issues in accessibility

From EME and WebRTC it seems we can derive that the W3C publishing
something is enough of an indication for vendors to start shipping,
whether encouraged by the W3C or not. Each of those has security and
privacy issues raised, but due to deployed content it is unlikely
that they can get solved. Neither is ready for CR.


Received on Monday, 3 November 2014 12:34:21 UTC