W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.

From: Brian Smith <brian@briansmith.org>
Date: Wed, 11 Feb 2015 12:04:36 -0800
Message-ID: <CAFewVt6LXA41VoNkH2uohfVRLZbmrhZku-UDHcUevYJ78AqUsg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Peter Eckersley <pde@eff.org>, yan zhu <yan@mit.edu>
Mike West <mkwst@google.com> wrote:
> This is a call for consensus to publish* the following draft of "Upgrade
> Insecure Resources" as a First Public Working Draft:
>
> https://w3c.github.io/webappsec/specs/upgrade/published/2015-02-FPWD.html

> WDYT? Please send comments to public-webappsec@w3.org. Positive feedback is
> encouraged. Negative feedback is encouraged. Anything other than a lack of
> feedback is encouraged. :)

I support this effort. However, this shouldn't be a separate spec from
MIX. I understand that from a document preparation perspective, there
are benefits to having things split up in multiple documents. However,
from the perspective of somebody trying to read such specifications,
having related content spread across multiple documents is confusing.
In this case, in particular, having one of the coping mechanisms for
the rest of MIX defined in a separate document is bad.

Maybe there is some concern that if we add this to MIX, then the rest
of MIX will be delayed. I am not sure that matters, practically. But,
if people feel like that is a concern, then we should just start a MIX
2 draft that is MIX + this feature.

Cheers,
Brian
Received on Wednesday, 11 February 2015 20:05:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC