- From: Mike West <mkwst@google.com>
- Date: Fri, 21 Nov 2014 17:12:56 +0100
- To: Mark Watson <watsonm@netflix.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@fb.com>
- Message-ID: <CAKXHy=e2sRS5Odwh4=BE4cLoyT6EEFzmenn0FY3h59cFQCc8BA@mail.gmail.com>
On Fri, Nov 21, 2014 at 4:47 PM, Mark Watson <watsonm@netflix.com> wrote: > > The algorithm "May document use powerful features" pre-judges the kind of > questions I asked at the end of my mail below, whilst the discussions of > the definitions are still in progress (and particularly the definition of > "powerful features"). > Ah, you're talking about the algorithm names. Now I understand the concern, thank you for explaining. I've changed these in https://github.com/w3c/webappsec/commit/7872ee53dbe6fb1e1b92e219c4ff24e9172ff553 to "Is |document| a sufficiently secure context?" and "Is |environment settings object| a sufficiently secure context?" respectively. > I think it might be hard to come up with a universally agreed definition > of "Powerful features", so by decoupling things you have option (2) in the > meantime. > I'm more optimistic on this point than you seem to be, but I totally agree with the thrust of the critique: the document currently separates the outline of "powerful features"[1] and the requirements for secure contexts[2] in a way that I hope now addresses your concerns. [1]: https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-feature-powerful [2]: https://w3c.github.io/webappsec/specs/powerfulfeatures/#algorithms -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 21 November 2014 16:19:40 UTC