[w3ctag/design-reviews] CSP report-hash directive (Issue #1020) from Yoav Weiss on 2024-11-26 (public-webapps-github@w3.org from November 2024)

From: Yoav Weiss <notifications@github.com>
Date: Tue, 26 Nov 2024 05:03:43 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/1020@github.com>

こんにちは TAG-さん!

I'm requesting a TAG review of {{feature}}.

{{One paragraph summary of the feature, ideally copy-pasted from your Explainer.}}

  - Explainer¹: https://github.com/w3c/webappsec-csp/pull/693#issue-2692363906
  - Specification: https://github.com/w3c/webappsec-csp/pull/693
  - WPT Tests: https://chromium-review.googlesource.com/c/chromium/src/+/6038298/11/third_party/blink/web_tests/external/wpt/content-security-policy/report-hash.https.html
  - User research: N/A
  - Security and Privacy self-review²: https://gist.github.com/yoavweiss/911099e2e28ac2917ba342283243f698
  - GitHub repo: https://github.com/w3c/webappsec-csp
  - Primary contacts:
      - Yoav Weiss (@yoavweiss), Shopify, implementer
  - Organization/project driving the specification: Shopify
  - Multi-stakeholder support³:
    - Chromium comments:
    - Mozilla comments: https://github.com/mozilla/standards-positions/issues/NNN
    - WebKit comments: https://github.com/WebKit/standards-positions/issues/NNN
    - {{...include feedback/review from developers, implementers, civil society, and others}}
  - Status/issue trackers for implementations⁴:
    - https://chromestatus.com/feature/6337535507431424


Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Relevant time constraints or deadlines: As the relevant security standards go into effect in March 2025, I'd like to ship this in the next month or so.
  - The group where the work on this specification is currently being done: WebAppSec
  - The group where standardization of this work is intended to be done (if different from the current group):
  - Major unresolved issues with or opposition to this specification:
  - This work is being funded by: Shopify

You should also know that this work is critical for [PCI-DSS v4](https://east.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss) - [context](https://docs.google.com/document/d/1RcUpbpWPxXTyW0Qwczs9GCTLPD3-LcbbhL4ooBUevTM/edit?tab=t.0#heading=h.dzquzu6onmmy).




-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1020
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1020@github.com>

Received on Tuesday, 26 November 2024 13:03:47 UTC