Last Call for MIX ended yesterday, and we got a good deal of good feedback.
Thank you!
I see three items that haven't been clearly dealt with:
1. Brian, you suggested that "deprecated TLS-protection" ought to be
removed from the spec, if only because no one has implemented it yet. Would
you be satisfied with marking the concept as "at risk" when entering CR?
Chrome certainly will have an implementation, probably before CR is
published, and it's entirely possible that someone at Mozilla will decide
that the concept is both sane and worth implementing. Seems like a good
compromise, and very much in-line with CR as a "call for implementations".
2. David, were my responses to your questions in
http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0053.html
sufficient (modulo the additional examples you requested), or do you
believe we need to normatively modify the spec in some way?
3. Michael, did Brad's proposed changes to the spec (
http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0048.html)
sufficiently address your concerns?
Are there other pieces of feedback I've missed, or whose authors believe
haven't been adequately addressed? Barring negative responses here, I'd
like to issue a CfC next week to kick off the formal process of moving to
CR.
Thanks!
--
Mike West <mkwst@google.com>, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)