W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: CfC: Mixed Content to Last Call?

From: Mike West <mkwst@google.com>
Date: Fri, 7 Nov 2014 15:31:57 +0100
Message-ID: <CAKXHy=dxr9T9us55UoSEfVGA=HH_92CSPrKapWxDLazwxLMrJg@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
No one objected, and I think we're close enough to resolution of the other
threads that it makes sense to move to LC. Brad, Dan, Wendy, WDYT? May we
proceed to publishing a LCWD?

I'd suggest a month or so to get feedback, and I'll be sure to poke at
related groups.

If that sounds reasonable, do you think we could get
http://w3c.github.io/webappsec/specs/mixedcontent/published/2014-11-11-MIX-LCWD.html
published on Tuesday? (I've run it through pubrules, linkchecker, and the
validator, which should be enough for anyone. :) ).

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Oct 29, 2014 at 4:06 PM, Mike West <mkwst@google.com> wrote:

> I think we're getting pretty close to pushing the mixed content spec to
> Last Call. The interesting bits I know of have been resolved by:
>
> 1. Dropping the public/private distinction from MIX, kicking it out to
> "Secure Introduction of Internet-Connected Things"[1] which folks are
> discussing separately.
>
> 2. Moving the TLS checks to a new attribute on the Request's client, and
> on the Response, which Anne was kind enough to add to Fetch for me. It's
> currently named "authentication state", which probably needs some
> bikeshedding, but the name shouldn't block progress on MIX.
>
> 3. The TAG's substantive feedback (handcrafted and delivered by mnot@)
> has been addressed, and we can discuss resolution of the nits during the
> last call phase.
>
> I don't believe there are any substantive controversies remaining, but if
> I've missed anything, this CfC is a nice forcing function to get it out
> into the open. :)
>
> Please read through the current draft, up for review at
> https://w3c.github.io/webappsec/specs/mixedcontent/, and send comments to
> public-webappsec@w3.org. Positive feedback is encouraged!
>
> This CfC will end in a week, on November 5th, 2014.
>
> Thanks!
>
> [1]:
> https://readable-email.org/list/public-webappsec/topic/secure-introduction-of-internet-connected-things-was-re-webappsec-agenda-for-monday-teleconference-2014-10-20-12-00-pdt
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
Received on Friday, 7 November 2014 14:32:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC