W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: CfC: Mixed Content to Last Call?

From: Brad Hill <hillbrad@gmail.com>
Date: Fri, 7 Nov 2014 09:48:29 -0800
Message-ID: <CAEeYn8i7HBuKVDR_bZUPNWeRC0D+0Qg4soZkeRcxxEXZhEa1Pg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
Sounds great to me, thanks, Mike!

On Fri, Nov 7, 2014 at 6:31 AM, Mike West <mkwst@google.com> wrote:
> No one objected, and I think we're close enough to resolution of the other
> threads that it makes sense to move to LC. Brad, Dan, Wendy, WDYT? May we
> proceed to publishing a LCWD?
>
> I'd suggest a month or so to get feedback, and I'll be sure to poke at
> related groups.
>
> If that sounds reasonable, do you think we could get
> http://w3c.github.io/webappsec/specs/mixedcontent/published/2014-11-11-MIX-LCWD.html
> published on Tuesday? (I've run it through pubrules, linkchecker, and the
> validator, which should be enough for anyone. :) ).
>
> -mike
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
> On Wed, Oct 29, 2014 at 4:06 PM, Mike West <mkwst@google.com> wrote:
>>
>> I think we're getting pretty close to pushing the mixed content spec to
>> Last Call. The interesting bits I know of have been resolved by:
>>
>> 1. Dropping the public/private distinction from MIX, kicking it out to
>> "Secure Introduction of Internet-Connected Things"[1] which folks are
>> discussing separately.
>>
>> 2. Moving the TLS checks to a new attribute on the Request's client, and
>> on the Response, which Anne was kind enough to add to Fetch for me. It's
>> currently named "authentication state", which probably needs some
>> bikeshedding, but the name shouldn't block progress on MIX.
>>
>> 3. The TAG's substantive feedback (handcrafted and delivered by mnot@) has
>> been addressed, and we can discuss resolution of the nits during the last
>> call phase.
>>
>> I don't believe there are any substantive controversies remaining, but if
>> I've missed anything, this CfC is a nice forcing function to get it out into
>> the open. :)
>>
>> Please read through the current draft, up for review at
>> https://w3c.github.io/webappsec/specs/mixedcontent/, and send comments to
>> public-webappsec@w3.org. Positive feedback is encouraged!
>>
>> This CfC will end in a week, on November 5th, 2014.
>>
>> Thanks!
>>
>> [1]:
>> https://readable-email.org/list/public-webappsec/topic/secure-introduction-of-internet-connected-things-was-re-webappsec-agenda-for-monday-teleconference-2014-10-20-12-00-pdt
>>
>> --
>> Mike West <mkwst@google.com>
>> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>>
>> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>> Registergericht und -nummer: Hamburg, HRB 86891
>> Sitz der Gesellschaft: Hamburg
>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
>
Received on Friday, 7 November 2014 17:48:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC