W3C home > Mailing lists > Public > public-w3process@w3.org > October 2014

Require security review before FPWD

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2014 18:17:58 +0100
Message-ID: <CADnb78gZ-kjZJCusKd2YXSYKgC85riVw_tPW_jAu3qH_2pqiFg@mail.gmail.com>
To: public-w3process <public-w3process@w3.org>
Without due security review implementers end up implementing drafts
and then we cannot fix the broken security and privacy

See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and
the rest of that thread for how hard it is to do this

Requiring TLS for an API is something that should be considered very early on.

Received on Thursday, 30 October 2014 17:18:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:51:22 UTC