Call for Consensus: Stop work and transition 3 Working Drafts to Working Group Notes

This is a call for consensus to transition three Working Drafts of the Web
Application Security WG to "Working Group Note" status and indicate that
they are no longer under active development towards the Recommendation
Track, as discussed at the May F2F and briefly on the list.

The following specifications are proposed for transition:
Entry Point Regulation

Last updated ~1 year ago.
Reason to transition to Note: Same-site cookies ( provide
much of the intended attack surface reduction more simply

CSP Cookie Controls

Last updated ~6 months ago.
Reason to transition to Note: The Feature Policy proposal ( could be a better home for the
intended functionality as part of a broader and more coherent approach,
rather than putting this into CSP.

CSP Pinning

Last updated ~6 months ago.
Reason to transition to Note: While this kind of feature is still
considered useful, like Cookie Controls and Feature Policy, the editor
feels it would be better managed as part of a more generalized strategy for
header pinning, and as part of that, with a strategy perhaps along the
lines of a manifest, well-known resource or service worker that doesn't
incur the cost of sending the pinning header with every request.

This CfC will be discussed on tomorrow's regularly scheduled working group
teleconference (agenda to follow shortly on this list) and will close on
Friday, 22-July-2016.

Positive responses encouraged, silence is consent.

Thank you,

Brad Hill

Received on Tuesday, 12 July 2016 21:34:08 UTC