- From: Josh Soref <jsoref@blackberry.com>
- Date: Fri, 14 Nov 2014 17:06:33 +0000
- To: David Singer <singer@apple.com>, "chaals@yandex-team.ru" <chaals@yandex-team.ru>
- CC: Henri Sivonen <hsivonen@hsivonen.fi>, Jeff Jaffe <jeff@w3.org>, "Anne van Kesteren" <annevk@annevk.nl>, Philippe Le Hegaret <plh@w3.org>, public-w3process <public-w3process@w3.org>
I agree w/ chaals that it doesn't make sense to use the Process to address this issue. It might make sense to ask that new proposals start out only available to TLS at FPWD and that a security review be done before vendors flip a switch to expose to non TLS content. This isn't a "REC should never allow non TLS access", but I wonder what the harm would be in "FPWD does not allow non TLS access". FPWD is roughly a proposal with a feature set, I'm not sure why a proposal with a feature set can't be sandbox tested only with TLS content. But really, doing this is more a question of getting browser vendors/developers to buy in to doing something more than W3 asking for something. It's the same problem as vendor Prefixing. We can ask for whatever, but unless vendors choose to do it, it doesn't happen. Note: I'm not actively requesting/encouraging what I'm describing above, it's just something that if vendors were willing to do seems like something that could perhaps work...
Received on Friday, 14 November 2014 17:07:01 UTC