- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 30 Oct 2014 18:17:58 +0100
- To: public-w3process <public-w3process@w3.org>
Without due security review implementers end up implementing drafts and then we cannot fix the broken security and privacy characteristics. See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and the rest of that thread for how hard it is to do this post-publication. Requiring TLS for an API is something that should be considered very early on. -- https://annevankesteren.nl/
Received on Thursday, 30 October 2014 17:18:25 UTC