Re: Require security review before FPWD

On 10/30/14 10:17 AM, Anne van Kesteren wrote:
> Without due security review implementers end up implementing drafts
> and then we cannot fix the broken security and privacy
> characteristics.
>
> See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and
> the rest of that thread for how hard it is to do this
> post-publication.
>
> Requiring TLS for an API is something that should be considered very early on.

Possible exception: if an editor or working group decides to split out a 
portion of a spec into a separate spec, I would hope that that could be 
done without triggering undue process implications.

- Sam Ruby

Received on Friday, 31 October 2014 17:36:14 UTC