W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Wed, 22 Jul 2015 13:46:01 +0200
Message-ID: <CAKXHy=cdssABVc=-7p_Dpc_HkzhJ87+=fHKuQ+OBST1F4k1qbA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
This is a CfC to take the following version of MIX back to CR for another
month:

https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-08-CR.html

Based on feedback during the review period for MIX, we've made two
substantive changes to the document since the CR we published in February:

1. We dropped the "Deprecated TLS-protection" concept which was marked as
"at-risk" in the original CR.

2. As discussed in
https://lists.w3.org/Archives/Public/public-webappsec/2015Jul/0137.html,
we've changed MIX to handle passthrough `fetch()` requests inside Service
Workers as optionally-blockable if they're triggered from
optionally-blockable Document-generated requests.

Other editorial changes which can be found in their entirety at
https://github.com/w3c/webappsec/commits/master/specs/mixedcontent/index.src.html
.

Also of note: we now have substantial test coverage at
https://github.com/w3c/web-platform-tests/tree/master/mixed-content. We'll
need to add tests for the Service Worker behavior we expect to see now, but
there's already very solid overlap in behavior between Chrome, Firefox,
Safari, and IE, such that I hope advancement to PR will be relatively
straightforward.

The deadline for this CfC is one week from today, July 29th. As always,
explicit feedback to public-webappsec@w3.org is appreciated. :)

Thanks!

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 22 July 2015 11:46:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC