[nel] privacy+security spec feedback

Received lots of great spec feedback from Chrome's security/privacy review
this week, plus feedback from Marcos & Patrick @ Mozilla (thanks guys!).
Corresponding bugs:

-----

(a) Clarify report delivery to be restricted to https scheme
https://github.com/w3c/network-error-logging/issues/46

(b) "MUST log error" -> "SHOULD log error"
https://github.com/w3c/network-error-logging/commit/35fe1c564d180f1fd32d32e64223af8d3cb471a5

(c) Restrict report-uri's to absolute URIs
https://github.com/w3c/network-error-logging/issues/44

(d) Referer reporting should be subject to Referer policy
https://github.com/w3c/network-error-logging/issues/43

(e) NEL registration should be based on origin & restricted to HTTPS
https://github.com/w3c/network-error-logging/issues/42

(f) Provide privacy section
https://github.com/w3c/network-error-logging/issues/45

-----

If you have any thoughts or comments on any of the above, please ping the
appropriate GH threads! I'll try to have the pulls to address all of the
above in time for our conf call next week.

ig

Received on Friday, 20 March 2015 18:03:19 UTC