W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2015

Re: CfC: Mixed Content to PR; deadline July 6th.

From: Brian Smith <brian@briansmith.org>
Date: Mon, 22 Jun 2015 13:00:40 -0700
Message-ID: <CAFewVt55TEDiPdQ9k9wNKO02f0ez8rQZSschH=kZ9GrOEjx56Q@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Kristijan Burnik <burnik@google.com>, Ryan Sleevi <sleevi@google.com>, Anne van Kesteren <annevk@annevk.nl>
On Mon, Jun 22, 2015 at 7:17 AM, Mike West <mkwst@google.com> wrote:

>
> https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-07-PR.html
>
> This document is substantively the same as the CR, with the following
> normative changes:
>
> 1. I've dropped the "at risk" note for "deprecated TLS-protection":
> https://github.com/w3c/webappsec/commit/5dd23ba69ecd39a45eceff86533dfb91f0ab645c
> (CCing Brian, who I believe was interested in the opposite, and Ryan, who
> might or might not have implemented the SHA-1 bits for Chrome).
>

I don't have any problem with the idea of specifying/recommending
particular behavior for "deprecated TLS-protection." I think whether or not
it should remain in the spec, at this point, depends on whether at least
two independent implementations of it currently exist.

Cheers,
Brian
Received on Monday, 22 June 2015 20:01:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC