
CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Wed, 22 Jul 2015 13:46:01 +0200
Message-ID: <CAKXHy=cdssABVc=-7p_Dpc_HkzhJ87+=fHKuQ+OBST1F4k1qbA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>

This is a CfC to take the following version of MIX back to CR for another


Based on feedback during the review period for MIX, we've made two
substantive changes to the document since the CR we published in February:

1. We dropped the "Deprecated TLS-protection" concept which was marked as
"at-risk" in the original CR.

2. As discussed in
we've changed MIX to handle passthrough `fetch()` requests inside Service
Workers as optionally-blockable if they're triggered from
optionally-blockable Document-generated requests.

Other editorial changes which can be found in their entirety at

Also of note: we now have substantial test coverage at
https://github.com/w3c/web-platform-tests/tree/master/mixed-content. We'll
need to add tests for the Service Worker behavior we expect to see now, but
there's already very solid overlap in behavior between Chrome, Firefox,
Safari, and IE, such that I hope advancement to PR will be relatively

The deadline for this CfC is one week from today, July 29th. As always,
explicit feedback to public-webappsec@w3.org is appreciated. :)


Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 22 July 2015 11:46:49 UTC
