Re: [webappsec] Call for Consensus: Content Security Policy 1.0 to Candidate Recommendation from Tanvi Vyas on 2012-09-07 (public-webappsec@w3.org from September 2012)

From: Tanvi Vyas <tanvi@mozilla.com>
Date: Thu, 06 Sep 2012 17:25:54 -0700
To: public-webappsec@w3.org
Message-ID: <50493F12.4030604@mozilla.com>
> Additionally, we must record that we have met the WG's charter 
> requirement that two independent implementations exist of every major 
> feature and precisely identify any features that are "at risk".  In 
> support of this, I encourage user agent authors in the group to please 
> self-report on their implementation status at this time.

Mozilla is actively working on updating Firefox's CSP implementation to 
comply with the CSP 1.0 spec.  For more information please see 
https://bugzilla.mozilla.org/show_bug.cgi?id=csp-w3c, which is our 
master bug.  It includes the list of dependent bugs that we are 
currently fixing.

Thanks!

~Tanvi



On 9/4/12 3:21 PM, Hill, Brad wrote:
>
> As discussed in our WebAppSec WG teleconference of 8/28, the editors 
> would like to publish Content Security Policy 1.0 as a Candidate 
> Recommendation and this is a Call for Consensus to do so:
>
> http://www.w3.org/TR/2012/WD-CSP-20120710/
>
> To advance to CR, the WG must: 
> (http://www.w3.org/2005/10/Process-20051014/tr.html#transition-reqs)
>
>  1. Record the group's decision to request advancement.
>  2. Provide public documentation of all changes (both substantive and
>     minor) to the technical report since the previous step. A
>     substantive change (whether deletion, inclusion, or other
>     modification) is one where someone could reasonably expect that
>     making the change would invalidate an individual's review or
>     implementation experience. Other changes (e.g., clarifications,
>     bug fixes, editorial repairs, and minor error corrections) are
>     minor changes.
>  3. Report which, if any, of the Working Group's requirements for this
>     document have changed since the previous step.
>  4. Report any changes in dependencies with other groups.
>  5. Show evidence of wide review.
>  6. Formally address
>     <http://www.w3.org/2005/10/Process-20051014/policies.html#formal-address>
>     all issues raised about the document since the previous step.
>  7. Report any Formal Objections
>     <http://www.w3.org/2005/10/Process-20051014/policies.html#FormalObjection>.
>
> This CfC satisfies requirement #1 to "record the group's decision to 
> request advancement" and a final opportunity to raise issues or 
> objections to the content of the document.
>
> Additionally, we must record that we have met the WG's charter 
> requirement that two independent implementations exist of every major 
> feature and precisely identify any features that are "at risk".  In 
> support of this, I encourage user agent authors in the group to please 
> self-report on their implementation status at this time.
>
> Positive response to this CfC is preferred and encouraged and silence 
> will be considered as agreement with the proposal. The deadline for 
> comments is September 11. Please send all comments to:
>
> public-webappsec@w3.org <mailto:public-webappsec@w3.org>
>
> Following advancement to CR, we will issue a Call for Implementations 
> which will serve as a signal to the community to begin using and 
> honoring the standard CSP header without vendor prefixing.  After 
> again meeting the general steps for advancement documented herein, 
> developing a test suite to prove that two compatible and interoperable 
> implementations exist of each feature, and review by the Advisory 
> Committee, the report can next advance to Proposed Recommendation.
>
> Thank you,
>
> -Brad Hill
>
Received on Friday, 7 September 2012 00:26:23 UTC