
CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.

From: Mike West <mkwst@google.com>
Date: Tue, 10 Feb 2015 13:19:13 +0100
Message-ID: <CAKXHy=d_aWkB219NSVGYjSynuNDp-_04c-H0tBo0rYCnzS3Mxg@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Peter Eckersley <pde@eff.org>, yan zhu <yan@mit.edu>

This is a call for consensus to publish* the following draft of "Upgrade
Insecure Resources" as a First Public Working Draft:

https://w3c.github.io/webappsec/specs/upgrade/published/2015-02-FPWD.html

This document defines a mechanism which allows authors to instruct a user
agent to upgrade a priori insecure resource requests to secure transport
before Fetching them, with the goal of mitigating the mixed content risks
associated with migrating to HTTPS.

As the conversation has died down a little bit, and it appears that we have
an initial sketch of a solution that seems to meet at least most of the
requirements we've discussed, I'd like to keep things rolling by getting
the document out to a wider audience for review.

WDYT? Please send comments to public-webappsec@w3.org. Positive feedback is
encouraged. Negative feedback is encouraged. Anything other than a lack of
feedback is encouraged. :)

This CfC will end in a week, on Feb 17th.

Thanks!

-mike

*It's not clear to me whether we need to wait for resolution on the
charter, or if we can publish this document under the "secure mixed
content" and "manageability" bits of the charter we're still operating
under (which it seems to pretty clearly fit into). Brad, Dan, Wendy, WDYT?

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registration court and number: Hamburg, HRB 86891, Registered
office: Hamburg, Managing directors: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 10 February 2015 12:20:01 UTC
