W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

CfC: Transition UPGRADE to CR; deadline Aug 26th.

From: Mike West <mkwst@google.com>
Date: Wed, 12 Aug 2015 21:36:28 +0200
Message-ID: <CAKXHy=eYmdt2GMORB7WZ88TFQWF=Mb9Xu8yLR+e+OyDK-x2fYQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Brian Smith <brian@briansmith.org>
Hello, WebAppSec!

We have two interoperable implementations of UPGRADE, and a number of
interesting sites (including the W3C's own site) are experimenting with
implementing the header. Based on our discussion at the face-to-face
meeting a few weeks back, I think there's general consensus that the
UPGRADE spec is probably ready to advance at this point.

This is a call for consensus to transition to Candidate Recommendation with
the document at:

https://w3c.github.io/webappsec/specs/upgrade/published/2015-09-CR.html

As Chrome and Firefox have broadly similar implementations of the complete
spec (I think Firefox still needs to add the signaling header?), I don't
believe we need to mark anything in the document as "at risk".

I think there are two open questions about the transition:

1. The document uses the WHATWG's definition of Workers, as the algorithms
there have an understanding of the "environment settings object" mechanics
that we're using throughout this document and Fetch. The W3C's HTML5
document does not include Workers, and http://www.w3.org/TR/workers/ is
quite out of date. Referencing the WHATWG doc seems like the sane thing to
do, but I suspect folks might not be thrilled about it. *shrug*

2. Brian suggested early on that UPGRADE and MIX should be defined in a
single document. I disagreed. We discussed that during the MIX transition
to CR (way back in February)[1,2,3], and I think we still have different
opinions on the topic. I'd like to use this CfC as a forcing function in
the hopes that someone other than Brian and I will weigh in with an
opinion. :)

Those questions to the side, the deadline for this CfC is two weeks from
today, August 26th. As always, explicit feedback to public-webappsec@w3.org is
appreciated. :)

Thanks!

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0295.html
[2]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0307.html
[3]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0324.html

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 12 August 2015 19:37:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC