W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

CfC: Transition Mixed Content to CR; deadline Feb 23rd.

From: Mike West <mkwst@google.com>
Date: Mon, 16 Feb 2015 16:02:48 +0100
Message-ID: <CAKXHy=dPUa=TWq+=krb1sWxk5J5acnWPC9x_3wWe8fq_K3SnGQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>
Cc: Tanvi Vyas <tanvi@mozilla.com>, David Walp <David.Walp@microsoft.com>, Brian Smith <brian@briansmith.org>
Hello, WebAppSec!

On the Feb. 9th call[1], we concluded that it was probably time to take the
Mixed Content spec to CR. To that end, I've published a draft CR document
at
https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-02-CR.html
.

I believe the only open question is whether or not to merge the "Upgrade
insecure requests" draft into the Mixed Content draft. Brian suggested
doing so in [3]. I've responded at [4], but I'd like to explicitly request
feedback on this topic from the rest of the list. I see ~3ish paths forward:

1. Publish MIX as-is, and work on the upgrade spec as a separate document.
2. Publish MIX as-is, and integrate the upgrade spec into MIX Level 2.
3. Integrate the upgrade spec into MIX, and hold off on the CR transition.

I'd prefer #1, for the reasons outlined in [4]. What do you think
(especially you folks who are CCd on this thread)?

In any event, a complete list of changes to the mixed content spec since
the November 13th Last Call draft[2] can be found at [5]. Please send any
and all comments to public-webappsec@w3.org. Feedback is encouraged. :)

This CfC will end with our next scheduled call, on Feb 23rd.

[1]: http://www.w3.org/2015/02/09-webappsec-minutes.html#item04
[2]: http://www.w3.org/TR/2014/WD-mixed-content-20141113/
[3]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0222.html
[4]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0239.html
[5]:
https://github.com/w3c/webappsec/commits/master/specs/mixedcontent/index.src.html

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany,
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 16 February 2015 15:03:43 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC