This is a call for consensus to publish* the following draft of "Upgrade Insecure Resources" as a First Public Working Draft: https://w3c.github.io/webappsec/specs/upgrade/published/2015-02-FPWD.html This document defines a mechanism which allows authors to instruct a user agent to upgrade a priori insecure resource requests to secure transport before Fetching them, with the goal of mitigating the mixed content risks associated with migrating to HTTPS. As the conversation has died down a little bit, and it appears that we have an initial sketch of a solution that seems to meet at least most of the requirements we've discussed, I'd like to keep things rolling by getting the document out to a wider audience for review. WDYT? Please send comments to public-webappsec@w3.org. Positive feedback is encouraged. Negative feedback is encouraged. Anything other than a lack of feedback is encouraged. :) This CfC will end in a week, on Feb 17th. Thanks! -mike *It's not clear to me whether we need to wait for resolution on the charter, or if we can publish this document under the "secure mixed content" and "manageability" bits of the charter we're still operating under (which it seems to pretty clearly fit into). Brad, Dan, Wendy, WDYT? -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 10 February 2015 12:20:01 UTC