- From: Mike West <mkwst@google.com>
- Date: Mon, 22 Jun 2015 16:17:34 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Kristijan Burnik <burnik@google.com>, Brian Smith <brian@briansmith.org>, Ryan Sleevi <sleevi@google.com>, Anne van Kesteren <annevk@annevk.nl>
- Message-ID: <CAKXHy=d2vMhCJKLhpBSd5+QBDjQCuKUimLePxj+ye3WDg_Kdnw@mail.gmail.com>
Hello, webappsecians! Mixed Content (http://www.w3.org/TR/mixed-content/) has been up as a candidate recommendation since March 17th. The final patent exclusion period expired on May 17th ( https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0178.html). In the CR, we suggested that a transition to proposed recommendation could be possible after a comment period extending through July 1st. As that date is rapidly approaching, this is a Call for Consensus to transition to Proposed Recommendation based on the version of the document at: https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-07-PR.html This document is substantively the same as the CR, with the following normative changes: 1. I've dropped the "at risk" note for "deprecated TLS-protection": https://github.com/w3c/webappsec/commit/5dd23ba69ecd39a45eceff86533dfb91f0ab645c (CCing Brian, who I believe was interested in the opposite, and Ryan, who might or might not have implemented the SHA-1 bits for Chrome). 2. The CA/B forum's "baseline requirements" were inadvertently listed as a normative reference. The new draft correctly lists them as informative: https://github.com/w3c/webappsec/commit/90067b887e16d259dc01f712c7a48a0ab6e3f583 . A full list of changes can be found at https://github.com/w3c/webappsec/commits/master/specs/mixedcontent/index.src.html (and they're almost all in response to =JeffH's comments at https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0107.html). Kristijan is putting the finishing touches on an extensive test suite at https://github.com/w3c/web-platform-tests/pull/1889, and we expect it to land in the near future. Interested folks are encouraged to play around with the suite now. We expect substantial agreement on behavior across Chrome, Firefox, Internet Explorer/Edge, and (hooray!) the beta release of Safari on iOS9 and El Cap. If you have any comments or concerns regarding this CfC, please reply to public-webappsec@w3.org by the end of June 6th at the latest. Silence will be interpreted as glowing praise and full-throated agreement, but I'd encourage you to praise full-throatedly, glowingly, _and_ explicitly on the list. :) Thanks! -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 22 June 2015 14:18:22 UTC