Hello, WebAppSec! On the Feb. 9th call[1], we concluded that it was probably time to take the Mixed Content spec to CR. To that end, I've published a draft CR document at https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-02-CR.html . I believe the only open question is whether or not to merge the "Upgrade insecure requests" draft into the Mixed Content draft. Brian suggested doing so in [3]. I've responded at [4], but I'd like to explicitly request feedback on this topic from the rest of the list. I see ~3ish paths forward: 1. Publish MIX as-is, and work on the upgrade spec as a separate document. 2. Publish MIX as-is, and integrate the upgrade spec into MIX Level 2. 3. Integrate the upgrade spec into MIX, and hold off on the CR transition. I'd prefer #1, for the reasons outlined in [4]. What do you think (especially you folks who are CCd on this thread)? In any event, a complete list of changes to the mixed content spec since the November 13th Last Call draft[2] can be found at [5]. Please send any and all comments to public-webappsec@w3.org. Feedback is encouraged. :) This CfC will end with our next scheduled call, on Feb 23rd. [1]: http://www.w3.org/2015/02/09-webappsec-minutes.html#item04 [2]: http://www.w3.org/TR/2014/WD-mixed-content-20141113/ [3]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0222.html [4]: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0239.html [5]: https://github.com/w3c/webappsec/commits/master/specs/mixedcontent/index.src.html -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 16 February 2015 15:03:43 UTC