On 11/3/2014 8:01 AM, Henri Sivonen wrote:
>> >Surely we want the right architecture. So if the WG wants to mandate TLS,
>> >they should.
> I think there's also a need to deal with the case where the WG doesn't
> really want to mandate TLS even when mandating TLS in needed. That is,
> there's a need of*early* oversight for WGs that don't realize things
> early on their own initiative.
>
An interesting question is to understand how far you want to take this.
There is a range. At the "lightest" end of the spectrum these reviews
are to provide advice. At the "heaviest" end of the spectrum, failure
to achieve a certain level of security could be a reason for a REC to be
blocked. In that interpretation, EME and WebRTC could potentially still
be blocked.
When you say "deal with the case where the WG doesn't want to mandate
TLS even when it is needed" - I hear you on the more intrusive side of
the spectrum. Is that a correct interpretation?