Last Call for MIX ended yesterday, and we got a good deal of good feedback. Thank you! I see three items that haven't been clearly dealt with: 1. Brian, you suggested that "deprecated TLS-protection" ought to be removed from the spec, if only because no one has implemented it yet. Would you be satisfied with marking the concept as "at risk" when entering CR? Chrome certainly will have an implementation, probably before CR is published, and it's entirely possible that someone at Mozilla will decide that the concept is both sane and worth implementing. Seems like a good compromise, and very much in-line with CR as a "call for implementations". 2. David, were my responses to your questions in http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0053.html sufficient (modulo the additional examples you requested), or do you believe we need to normatively modify the spec in some way? 3. Michael, did Brad's proposed changes to the spec ( http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0048.html) sufficiently address your concerns? Are there other pieces of feedback I've missed, or whose authors believe haven't been adequately addressed? Barring negative responses here, I'd like to issue a CfC next week to kick off the formal process of moving to CR. Thanks! -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 12 December 2014 15:32:08 UTC