W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Transition Request: Subresource Integrity to FPWD

From: Wendy Seltzer <wseltzer@w3.org>
Date: Thu, 20 Mar 2014 10:11:15 -0400
Message-ID: <532AF703.6000005@w3.org>
To: "Henry S. Thompson" <ht@inf.ed.ac.uk>, "Hill\, Brad" <bhill@paypal.com>
CC: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Henry,
(moving chairs to bcc, +public-webappsec)

On 03/20/2014 09:32 AM, Henry S. Thompson wrote:
> So I'm curious, perhaps even concerned, about the overlap between this
> work and the IETF.  Is the WG, or are you personally, regularly in
> touch with the right people at the IETF to be sure you're not stepping
> on toes over there, with respect to WebAppSec in general, and this
> document's proposals in particular?

What coordination are you thinking about? In general, Philippe and I are
liaising with IETF and watching the saag and websec work, but if there's
something you think we're missing, please say more.
> 
> Um, and I'm even _more_ concerned because in trying to understand this
> spec, I read (section 3.4) that it is essentially a set of
> modifications to something called "the Fetch spec", which is not
> linked to, or in the References section, or otherwise identified.
> This should not have been allowed to be published in this state!

Fetch is in HTML5,
http://dev.w3.org/html5/spec-LC/fetching-resources.html

--Wendy


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Thursday, 20 March 2014 14:11:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC