Re: CfC: Mixed Content to PR; deadline July 6th.

On Mon, Jun 22, 2015 at 7:17 AM, Mike West <mkwst@google.com> wrote:

>
> https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-07-PR.html
>
> This document is substantively the same as the CR, with the following
> normative changes:
>
> 1. I've dropped the "at risk" note for "deprecated TLS-protection":
> https://github.com/w3c/webappsec/commit/5dd23ba69ecd39a45eceff86533dfb91f0ab645c
> (CCing Brian, who I believe was interested in the opposite, and Ryan, who
> might or might not have implemented the SHA-1 bits for Chrome).
>

I don't have any problem with the idea of specifying/recommending
particular behavior for "deprecated TLS-protection." I think whether or not
it should remain in the spec, at this point, depends on whether at least
two independent implementations of it currently exist.

Cheers,
Brian

Received on Monday, 22 June 2015 20:01:10 UTC