- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 18 Sep 2009 22:30:15 -0700
- To: "=JeffH" <Jeff.Hodges@kingsmountain.com>
- Cc: public-webapps@w3.org, Jeff Hodges <jeff.hodges@paypal.com>, Adam Barth <abarth@eecs.berkeley.edu>, Collin Jackson <collin.jackson@sv.cmu.edu>
On Fri, Sep 18, 2009 at 6:00 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote: > We are interested in bringing this work to W3C WebApps Working Group as a > Recommendation-track specification. We are willing to license it under W3C > terms, we understand that it may change due to implementer or public > feedback, > and that should it be of interest to other implementors, we're willing to > contribute to editorial and test suite efforts. > > We're looking forward to the WebApps WG's feedback and comments. This definitely looks very interesting. I am admittedly a bit worried about requests to one url to a server affecting any subsequent requests to not just that server, but also to any subdomain. I wonder for example if the client when receiving a Strict-Transport-Security header should make a request to the root url of the same origin to verify that the server indeed wants to opt in to STS. However, I definitely think this is a draft worth publishing in order to reach a broader group of people for comments. But, while I don't personally care which standards organization is in charge of publishing this, I suspect that you'll get the feedback that IETF is the correct place to publish this spec. / Jonas
Received on Saturday, 19 September 2009 05:31:14 UTC