W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Transition Request: Subresource Integrity to FPWD

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 20 Mar 2014 18:34:48 -0700
Message-ID: <532B9738.7050100@mozilla.com>
To: Wendy Seltzer <wseltzer@w3.org>, "Henry S. Thompson" <ht@inf.ed.ac.uk>, "Hill\, Brad" <bhill@paypal.com>
CC: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 3/20/2014 7:11 AM, Wendy Seltzer wrote:
> On 03/20/2014 09:32 AM, Henry S. Thompson wrote:
>> So I'm curious, perhaps even concerned, about the overlap between this
>> work and the IETF.  Is the WG, or are you personally, regularly in
>> touch with the right people at the IETF to be sure you're not stepping
>> on toes over there, with respect to WebAppSec in general, and this
>> document's proposals in particular?

We once tried to get this concept done in the IETF, in the form of "link
fingerprints".
http://www.gerv.net/security/link-fingerprints/

Mozilla even had an experimental implementation
https://bugzilla.mozilla.org/show_bug.cgi?id=377245

It got shut down in the IETF, with the suggestion that it didn't belong
in URLs but should rather be done as document metadata in the W3C. The
concept took a vacation for half a decade but that's where we now are:
in the W3C at the request of the IETF.

-Dan Veditz
Received on Friday, 21 March 2014 01:35:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC