- From: Mike West <mkwst@google.com>
- Date: Wed, 12 Aug 2015 21:36:28 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Brian Smith <brian@briansmith.org>
- Message-ID: <CAKXHy=eYmdt2GMORB7WZ88TFQWF=Mb9Xu8yLR+e+OyDK-x2fYQ@mail.gmail.com>
Hello, WebAppSec! We have two interoperable implementations of UPGRADE, and a number of interesting sites (including the W3C's own site) are experimenting with implementing the header. Based on our discussion at the face-to-face meeting a few weeks back, I think there's general consensus that the UPGRADE spec is probably ready to advance at this point. This is a call for consensus to transition to Candidate Recommendation with the document at: https://w3c.github.io/webappsec/specs/upgrade/published/2015-09-CR.html As Chrome and Firefox have broadly similar implementations of the complete spec (I think Firefox still needs to add the signaling header?), I don't believe we need to mark anything in the document as "at risk". I think there are two open questions about the transition: 1. The document uses the WHATWG's definition of Workers, as the algorithms there have an understanding of the "environment settings object" mechanics that we're using throughout this document and Fetch. The W3C's HTML5 document does not include Workers, and http://www.w3.org/TR/workers/ is quite out of date. Referencing the WHATWG doc seems like the sane thing to do, but I suspect folks might not be thrilled about it. *shrug* 2. Brian suggested early on that UPGRADE and MIX should be defined in a single document. I disagreed. We discussed that during the MIX transition to CR (way back in February)[1,2,3], and I think we still have different opinions on the topic. I'd like to use this CfC as a forcing function in the hopes that someone other than Brian and I will weigh in with an opinion. :) Those questions to the side, the deadline for this CfC is two weeks from today, August 26th. As always, explicit feedback to public-webappsec@w3.org is appreciated. :) Thanks! [1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0295.html [2]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0307.html [3]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0324.html -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 12 August 2015 19:37:17 UTC